[OPENAM-14179] Additional limitations could be added for stateless sessions
Created: 02/Jan/19  Updated: 24/Jan/19  Resolved: 24/Jan/19

Status: Resolved
Project: OpenAM
Component/s: documentation
Affects Version/s: None
Fix Version/s:,, 7.0.0

Type: Bug Priority: Major
Reporter: Dom Reed Assignee: Cristina Herraz
Resolution: Fixed Votes: 0
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Sprint: 2019.2 - AM Docs - Hmm
Are the reproduction steps defined?:
No (add reasons in the comment)


Had a KB request for this, but it doesn't make sense to split the info across docs and KB given there is already a section for this: https://backstage.forgerock.com/docs/am/6.5/authentication-guide/#session-state-client-based-limitations

Additions are:

The extra things seen are:
a) IDP (Classic SSO) login will add FullLoginURL with the SAMLResponse, and this may blow up the cookie size and cause failure.
b) If the SAML2 Custom Authentication module is used and there are many SAML2 Assertion attributes, then these will be added to the stateless cookie (unless the attributes are not mapped). This will also cause the cookie size limit to be exceeded.
c) SAML2 SP Adapter may not be able to change a session property (for Classic/Legacy/standalone module SAML) as the stateless session may be created. So some of these may need to be done on PAP.

Please contact @chee-weng.chea for further info if needed

Comment by Cristina Herraz [ 07/Jan/19 ]

These are not limitations of client-based sessions, but things that can cause the client-based cookie size to be too big for the browser to handle.
Therefore, these should not be documented in that particular section.

However, there are some places in the Authentication Guide where we add a caution about the cookie size (and probably we can point this out in the SAML guide, too).

Comment by Cristina Herraz [ 24/Jan/19 ]

Added information in the SAML guide and backported.
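
Added example (not part of the ticket and not AM code): a size estimate showing how a FullLoginURL carrying a SAMLResponse, or many mapped assertion attributes, pushes a client-based session cookie past the 4096 bytes browsers commonly allow per cookie. The JWT-shaped token layout, the `idp.example.com` URL, the attribute names and the base properties are constructed assumptions; `iPlanetDirectoryPro` is AM's default session cookie name.

```python
import base64
import json
from urllib.parse import quote

COOKIE_LIMIT = 4096           # bytes per cookie commonly enforced by browsers
COOKIE_NAME = "iPlanetDirectoryPro"
BASE = {"uid": "demo", "realm": "/", "authLevel": "0"}  # constructed properties

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def client_session_cookie(props: dict, sig_len: int = 32) -> str:
    """Constructed stand-in for a signed client-based session token."""
    header = b64url(json.dumps({"typ": "JWT", "alg": "HS256"}).encode())
    payload = b64url(json.dumps({"props": props}, separators=(",", ":")).encode())
    signature = b64url(b"\0" * sig_len)  # placeholder bytes, only the size matters
    return f"{header}.{payload}.{signature}"

def cookie_report(props: dict) -> dict:
    # Counts name, "=" and value; cookie attributes (Path, Domain) are ignored.
    size = len(COOKIE_NAME) + 1 + len(client_session_cookie(props))
    return {"bytes": size, "fits": size <= COOKIE_LIMIT}

def constructed_saml_response(n_attrs: int) -> str:
    """Base64 of a minimal, constructed assertion with n_attrs attributes."""
    attrs = "".join(
        f'<Attribute Name="attr{i}"><AttributeValue>value-{i:04d}'
        "</AttributeValue></Attribute>" for i in range(n_attrs))
    return base64.b64encode(f"<Response>{attrs}</Response>".encode()).decode()

def with_full_login_url(n_attrs: int) -> dict:
    # Case (a): the response is base64 already, then URL-encoded, then
    # base64url-encoded again inside the token, so it grows at every layer.
    saml = quote(constructed_saml_response(n_attrs), safe="")
    url = "https://idp.example.com/login?SAMLResponse=" + saml
    return {**BASE, "FullLoginURL": url}

def with_mapped_attributes(n_attrs: int) -> dict:
    # Case (b): every mapped assertion attribute becomes a session property.
    return {**BASE, **{f"attr{i}": f"value-{i:04d}" for i in range(n_attrs)}}

if __name__ == "__main__":
    for label, props in [("baseline", BASE),
                         ("FullLoginURL, 40 attrs", with_full_login_url(40)),
                         ("mapped attrs, 300", with_mapped_attributes(300))]:
        print(label, cookie_report(props))
```
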
