[OPENAM-7109] Allow user to adjust the size of Metadata that can be uploaded by the Common Task "Create SAMLv2 Providers" buttons. Created: 13/Oct/15  Updated: 20/Nov/16  Resolved: 17/Nov/15

Status: Resolved
Project: OpenAM
Component/s: console, SAML
Affects Version/s: 11.0.1, 11.0.2, 11.0.3, 12.0.0, 12.0.1, 13.0.0
Fix Version/s: 11.0.4, 12.0.3, 13.0.0

Type: Improvement Priority: Major
Reporter: Abel Hoxeng Assignee: Jonathan Thomas
Resolution: Fixed Votes: 1
Labels: 13.0.0-Backlog, EDISON, release-notes
Remaining Estimate: 0h
Time Spent: 3.5h
Original Estimate: Not Specified

Issue Links:
Relates
is related to OPENAM-7463 Document new FileUpload max file size... Resolved
Sprint: AM Sustaining Sprint 14
Support Ticket IDs:

 Description   

Currently, users are limited to the size of a file they can upload when they register a remote Identity Provider through the Common Tasks tab This seem to be caused by the FileUpload.jsp file. The section of code is as follows:

try {
            boolean limitExceeded = false;
            StringBuffer buff = new StringBuffer();
            is = request.getInputStream();
            bos = new BufferedReader(new InputStreamReader(is));
            String line = bos.readLine();
            while (line != null) {
                buff.append(line).append("\n");
                line = bos.readLine();
                if (buff.length() > (1024 * 50)) {
                    limitExceeded = true;
                    break;
                }

            }

To reproduce:

1. Create a metadata file larger than 1024 * 50.
2. Go to Common Tasks tab and try to Register Remote Identity Provider.
3. Select File for where metadata file resides, and press upload.
4. Browse to file, and select and open file.
5. Upload file, and user will see "Size limit Exceeded. Please verify your metadata file and try again."

It would be helpful if the user was able to adjust the size allowed by OpenAM to load larger files.



 Comments   
Comment by Corey Puffalt [ 13/Oct/15 ]

I'm not convinced this is a knob normal users should ever have to adjust themselves. Too much cognitive overload going on here! Rather OpenAM needs to have a proper default size limit out of the box. 50 kb is just too small!

Comment by Peter Major [X] (Inactive) [ 13/Oct/15 ]

Corey Puffalt 50k sounds like a perfectly reasonable default value, considering that most metadata files only really represent one SAML entity. I suppose you are running into the 50k limit because your SAML metadata is an aggregated Shibboleth metadata.

Comment by Corey Puffalt [ 13/Oct/15 ]

It was a meta-data file generated from a ADFS v3 IdP.

I still don't understand why such a low limit is baked into a .jsp file like that. Surely it makes sense to simply limit it to a size that will fit into memory easily and then perform validation on the actual xml rather than assuming that a size larger than 50kb is invalid. It's not user-friendly to have a validation check that can produce false negatives like this.

Unfortunately, this isn't the first well-meaning validation check that I've run across in OpenAM that produced a false negative...

Comment by Sam Drew [ 16/Nov/15 ]

This is fine to include in OpenAM 13.

Comment by Jonathan Thomas [ 16/Nov/15 ]

This has now fixed by adding a new server property that may be used to adjust the maximum file upload size for the FileUpload.jsp uploader.

``org.forgerock.openam.console.max.file.upload.size``

We've also increased the default size from 50k to 750k.

Generated at Fri Oct 23 23:55:46 UTC 2020 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.