I attached the logfile... The last line would repeat forever unless I 
ctrl-c it.

I followed your advice to make fewer and longer SAML-AAA-Assertion 
values, I also removed other attributes so as to save some bytes:
http://pastebin.com/Fyafb0vp

It works, I can now send the certificate and the key, but... If the cert 
or key is longer, I am still in trouble.

Is there a way to send longer certs and keys, or more attributes 
after the user is authenticated? Ideally set inside of the script. (I 
originally used my instance of the exec module to run a script in which I 
set SAML-AAA-Assertion and then call the module inside the post-auth section 
on freeradius - need to read different certs and keys).

Regards
Marcel

On 10/30/2013 05:33 PM, [log in to unmask] wrote:
>> I came across a problem when trying to send many SAML assertions in
>> update reply block of post-auth section in a sites-enabled/default.
>> If it consists of too many SAML-AAA-Assertion += 'something' ,
>> freeradius is printing in neverending loop (at least it printed several
>> minutes before I ctrl-c it.):
>> WARNING: Failed encoding attribute SAML-AAA-Assertion
>
> A RADIUS Access-Accept packet is size-limited. It can only accept 4096 bytes. Your SAML assertion alone is 3,685 bytes, which leaves around 400 bytes for other stuff (like other attributes in the packet, headers etc).
>
> This might be one of those moments...
>
> Can you possibly post a link to a debug log (i.e. running "radius -X" and capturing the output of an authentication request)? This might be something to run past the FreeRADIUS folks too to see whether this error message has something to do with the size.
>
> With Regards
>
> Stefan
>
>
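
The packet size budget discussed in this thread, as an added example that is not part of the original messages or of FreeRADIUS: it splits a payload across Vendor-Specific attributes and checks the result against the 4096-byte limit. It assumes the assertion is carried as a vendor-specific attribute (8 bytes of framing per chunk of at most 247 bytes); the vendor ID and vendor type below are constructed placeholders.

```python
import struct

MAX_PACKET = 4096    # maximum RADIUS packet length (RFC 2865)
HEADER_LEN = 20      # code(1) + identifier(1) + length(2) + authenticator(16)
MAX_ATTR_LEN = 255   # one-byte attribute length field, counts type and length too
VSA_TYPE = 26        # Vendor-Specific attribute
VSA_OVERHEAD = 8     # type, length, vendor-id(4), vendor-type, vendor-length
CHUNK = MAX_ATTR_LEN - VSA_OVERHEAD  # 247 data bytes per attribute

def encode_vsa_chunks(vendor_id, vendor_type, payload):
    """Encode payload as consecutive Vendor-Specific attributes."""
    out = bytearray()
    for off in range(0, len(payload), CHUNK):
        part = payload[off:off + CHUNK]
        out += struct.pack("!BBIBB", VSA_TYPE, VSA_OVERHEAD + len(part),
                           vendor_id, vendor_type, 2 + len(part))
        out += part
    return bytes(out)

def budget(payload_len, other_attr_bytes=0):
    """Return the on-the-wire size for a payload and the room left in the packet."""
    n_attrs = -(-payload_len // CHUNK)            # ceiling division
    encoded = payload_len + n_attrs * VSA_OVERHEAD
    total = HEADER_LEN + other_attr_bytes + encoded
    return {"attributes": n_attrs, "encoded": encoded, "total": total,
            "headroom": MAX_PACKET - total, "fits": total <= MAX_PACKET}

def max_payload(other_attr_bytes=0):
    """Largest payload, in bytes, that still fits next to the other attributes."""
    room = MAX_PACKET - HEADER_LEN - other_attr_bytes
    full, rest = divmod(room, MAX_ATTR_LEN)
    return full * CHUNK + max(rest - VSA_OVERHEAD, 0)

if __name__ == "__main__":
    PLACEHOLDER_VENDOR_ID = 99999    # constructed, not a real vendor
    PLACEHOLDER_VENDOR_TYPE = 1      # constructed
    sample = b"A" * 3685             # constructed stand-in for the 3,685-byte assertion
    wire = encode_vsa_chunks(PLACEHOLDER_VENDOR_ID, PLACEHOLDER_VENDOR_TYPE, sample)
    print(len(wire), budget(len(sample)))
    print("largest payload with no other attributes:", max_payload())
```

The per-attribute framing is why the usable space is smaller than 4096 minus the raw assertion length; anything above `max_payload()` cannot be encoded in a single packet however the values are split.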