Issue with large HTTP headers for ECP authentication

[Daudt, Carl]

I would like to see what is inside this cookie but am not sure how to decrypt it (or else log what is going into it.  I have the sealer.jsk and sealer.kver files, and also the isp.sealer.storePassword and isp.sealer.keyPassword values.  Can these be used to crack what is inside?  If so, how?

Carl

-----Original Message-----
From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor, Scott
Sent: Monday, December 10, 2018 11:54 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: Issue with large HTTP headers for ECP authentication

If you don't want/need the ECP client to retain sessions for SSO, it can stop remembering the cookie but you don't control this client.

I imagine there's something stale that's not really valid or needed being kept around and accumulating in the cookie, but there are no bugs open on it and I don't see any older commits that might have to do with it if it's a known issue.

-- Scott


--
For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net


The information in this communication is intended solely for the individual or entity to whom it is addressed. It may contain confidential or legally privileged information. If you are not the intended recipient, any disclosure, copying, distribution or reliance on the contents of this information is strictly prohibited, and may be unlawful. If you have received this communication in error, please notify us immediately by responding to the sender of this email, and then delete it from your system. Taylor University is not liable for the inaccurate or improper transmission of the information contained in this communication or for any delay in its receipt.