-
Type:
Bug
-
Status: Resolved
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: documentation
-
Labels:
-
Sprint:2019.2 - AM Docs - Hmm
-
Needs backport:No
-
Support Ticket IDs:
-
Needs QA verification:No
-
Functional tests:No
-
Are the reproduction steps defined?:No (add reasons in the comment)
Had a KB request for this but doesn't make sense to split the info across docs and KB given there is already a section for this: https://backstage.forgerock.com/docs/am/6.5/authentication-guide/#session-state-client-based-limitations
Additions are:
The extra things seen is
a) IDP (Classic SSO) login will add FullLoginURL with the SAMLResponse and this may blow up the Cookie size cause failure
b) SAML2 Custom Authentication module if used and if there is many SAML2 Assertion attributes then these will be added to the Stateless cookie (unless the attributes is not mapped). This also will cause cookie size limit
c) SAML2 SP Adapter may not be able to change session property (for Classic/Legacy/standalone module SAML) as the stateless session may be created. So some of these may need to be done on PAP.
Please contact @chee-weng.chea for further info if needed