Hello
I use mod_auth_mellon's MellonSamlResponseDump setting to dump the SAML
assertion in Apache environment. But when trying to use PHP-FPM (PHP in
a separate process), it breaks, because mod_proxy_fcgi limits
environment variable size to 16k. From the code:
    avail_len = 16 * 1024;
    /* our limit per record, which could have been up
     * to AP_FCGI_MAX_CONTENT_LEN
     */
The assertion overflows the limit by 365 bytes. Most of the space is
taken by x509 certificates. Reading the code, it seems simpleSAMLphp can
send certFingerprint instead of X509Certificate in SAML assertion. Is
there a way to configure this, or does it require modifying the code?
If I return after $element->setSignatureKey($privateKey); in
sspmod_saml_Message::addSign() without setting the certificate, it seems
to work fine with the SP.
And generally speaking, what is the value of sending the x509
certificate? This increases message size, but for what gain?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
ma...@netbsd.org
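
Added example, not part of the original post and not code from mod_auth_mellon, mod_proxy_fcgi or simpleSAMLphp: a size check that reports how much of a dumped SAML response is taken by embedded X509Certificate elements and whether the resulting FastCGI name-value pair fits in the 16 * 1024 limit quoted above. Assumptions: the dump is base64-encoded into a variable named MELLON_SAML_RESPONSE, the limit applies to the encoded pair, and the sample response is constructed.

```python
import base64
import re

FCGI_RECORD_LIMIT = 16 * 1024  # avail_len value quoted in the post

# Matches an X509Certificate element with any (or no) namespace prefix.
CERT_RE = re.compile(
    rb"<(?:[\w.-]+:)?X509Certificate>.*?</(?:[\w.-]+:)?X509Certificate>",
    re.DOTALL,
)


def fcgi_len_field(n):
    """FastCGI encodes a name or value length in 1 byte below 128, else 4."""
    return 1 if n < 128 else 4


def fcgi_pair_size(name, value):
    """Bytes one name-value pair occupies inside a FCGI_PARAMS record."""
    return (fcgi_len_field(len(name)) + fcgi_len_field(len(value))
            + len(name) + len(value))


def env_budget(saml_xml, var_name=b"MELLON_SAML_RESPONSE"):
    """Compare the encoded pair size with and without embedded certificates.

    Stripping is for size estimation only; it is not a way to rewrite
    a signed message.
    """
    stripped = CERT_RE.sub(b"", saml_xml)
    with_cert = fcgi_pair_size(var_name, base64.b64encode(saml_xml))
    without_cert = fcgi_pair_size(var_name, base64.b64encode(stripped))
    return {
        "certs": len(CERT_RE.findall(saml_xml)),
        "with_cert": with_cert,
        "without_cert": without_cert,
        "fits_with_cert": with_cert <= FCGI_RECORD_LIMIT,
        "fits_without_cert": without_cert <= FCGI_RECORD_LIMIT,
    }


def constructed_response(cert_chars=1600, attr_chars=9000):
    """Constructed sample: signed Response wrapping a signed Assertion."""
    cert = b"<ds:X509Certificate>" + b"A" * cert_chars + b"</ds:X509Certificate>"
    keyinfo = b"<ds:KeyInfo><ds:X509Data>" + cert + b"</ds:X509Data></ds:KeyInfo>"
    return (b"<samlp:Response>" + keyinfo + b"<saml:Assertion>" + keyinfo
            + b"<saml:AttributeStatement>" + b"x" * attr_chars
            + b"</saml:AttributeStatement></saml:Assertion></samlp:Response>")


if __name__ == "__main__":
    print(env_budget(constructed_response()))
```

Run `env_budget()` on the raw XML of a captured response to see whether the embedded certificates alone account for the overflow.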