Issue with large HTTP headers for ECP authentication
Cantor, Scott
cantor.2 at osu.edu
Wed Dec 12 09:37:34 EST 2018
On 12/12/18, 9:31 AM, "users on behalf of Daudt, Carl" <users-bounces at shibboleth.net on behalf of crdaudt at taylor.edu> wrote:
>
> Scott, I might have mislead you and other readers to infer that the size of the shib_idp_session_ss cookie was growing
> over time.
Yes, my mistake. I definitely was thinking in those terms and trying to imagine cases that might happen.
> (3) Then in attribute-resolver.xml, we removed the <ReturnAttributes> line in the DataConnector for LDAP.
You certainly *can*, but that will obviously cause it to return everything, which may be unnecessary. Usually it's best to enumerate what you want from it to control the "namespace" of internal attribute names floating around the resolver.
Whether it's preferred to do it inline or in a property is style, but I think properties ended up overused with the resolver, I don't personally care for the lack of locality of reference, not to mention losing reloadability.
Thanks for clarifying,
-- Scott
More information about the users
mailing list