>>>>> "Rhys" == Rhys Smith <[log in to unmask]> writes:

    Rhys> Anything <=247 characters goes through fine. Anything > 247
    Rhys> characters disappears (as we knew).

    Rhys> However, our assumption that it was not traversing the network
    Rhys> okay or disappearing in our code was wrong, it actually seems
    Rhys> to disappear between what the output of radiusd -X shows
    Rhys> (which shows me the SAML-AAA-Assertion split into chunks but
    Rhys> with nothing missing) and the packets actually leaving the
    Rhys> freeradius IdP box as I see in tcpdump, where anything beyond
    Rhys> character 247 disappears. So the other end is receiving what


*slaps head*

O, right. We're using VSAs. They have extra overhead over normal
attributes.  This is entirely expected.  247 is the magic number
255 byte attribute
-1 byte of length: 254
-1 byte of VSA attribute tag: 253
-3 bytes of enterprise number: 250
O, hmm, I don't remember the encoding of a VSA, but I can easily believe
another 3 bytes of wastage.
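
The 247-byte limit discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: it follows the RFC 2865 Vendor-Specific layout (Type, Length, 4-byte Vendor-Id, Vendor-Type, Vendor-Length), splits a long value into chunks that fit, and refuses an oversized chunk instead of silently truncating it. The vendor number, vendor type, sample value and in-order reassembly are assumptions constructed for illustration.

```python
import struct

VSA_TYPE = 26                      # RFC 2865 Vendor-Specific attribute
MAX_ATTR_LEN = 255                 # one-octet Length covers the whole attribute
VSA_OVERHEAD = 1 + 1 + 4 + 1 + 1   # Type, Length, Vendor-Id, Vendor-Type, Vendor-Length
MAX_VSA_DATA = MAX_ATTR_LEN - VSA_OVERHEAD   # 247 bytes of usable data

# Constructed placeholders, not real registry values.
EXAMPLE_VENDOR_ID = 99999
EXAMPLE_VENDOR_TYPE = 1

def encode_vsa(vendor_id, vendor_type, data):
    """Encode one VSA; raise rather than truncate data that cannot fit."""
    if len(data) > MAX_VSA_DATA:
        raise ValueError(f"{len(data)} bytes exceeds the {MAX_VSA_DATA}-byte VSA payload")
    inner = struct.pack("!BB", vendor_type, 2 + len(data)) + data
    return struct.pack("!BBI", VSA_TYPE, 2 + 4 + len(inner), vendor_id) + inner

def split_into_vsas(vendor_id, vendor_type, data):
    """Carry a long value as consecutive VSAs of at most 247 data bytes each."""
    chunks = [data[i:i + MAX_VSA_DATA] for i in range(0, len(data), MAX_VSA_DATA)]
    return b"".join(encode_vsa(vendor_id, vendor_type, c) for c in chunks)

def reassemble(attrs, vendor_id, vendor_type):
    """Walk an attribute list and concatenate matching VSA payloads in order."""
    out = b""
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs):
            raise ValueError("truncated attribute header")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("attribute Length runs past the buffer")
        body = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type != VSA_TYPE or len(body) < 6:
            continue                      # not a VSA with a type/length sub-header
        (vid,) = struct.unpack("!I", body[:4])
        v_type, v_len = body[4], body[5]
        if v_len != len(body) - 4:
            raise ValueError("Vendor-Length disagrees with attribute Length")
        if vid == vendor_id and v_type == vendor_type:
            out += body[6:]
    return out

# Constructed 600-byte stand-in for a long SAML-AAA-Assertion value.
SAMPLE_VALUE = b"<saml:Assertion>" + b"x" * 567 + b"</saml:Assertion>"
```

Comparing the reassembled length against the length of the value that was sent is a quick way to spot the kind of loss described in the quoted report.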