Symantec Access Management

  • Private Community

  • 1.  MaxUserAttributeLength Setting being ignored

    Posted Mar 19, 2015 09:59 AM

    We increased this value of our policy servers (12.0 SP3 CR9) supporting SharePoint, and it has been working fine. We need to repoint the SP servers to another set of policy servers (12.0 SP3 CR12) and set the value for this the same on the new servers. For some reason, it is being ignored. We have restarted the policy server services and the entire server, but the problem persists. Can you think of a reason why this would be happening?



  • 2.  Re: MaxUserAttributeLength Setting being ignored

    Posted Mar 19, 2015 10:55 AM

    brodginskicc

     

    Are we sure it is being set in the correct properties file (both version, the files are different). See my comment from earlier thread Question about MaxUserAttributeLength Setting

     

     

    R12SP3CR09 : wsfed.properties

    R12SP3CR12 : entitlementgenerator.properties.

     

     

    A change was introduced in SiteMinder (starting R12 SP3 CR10) we have a different properties file called EntitlementGenerator.properties; this properties file is applicable for all Protocols.

     

    #################################################

    Default values for user assertion attribute length in EntitlementGenerator.properties are provided as follows:

          For WS-FED:

    Property name      : com.netegrity.assertiongenerator.wsfed.MaxUserAttributeLength

    Property Type       : integer

    Default value        : 1024

     

          For SAML1.1:

    Property name      : com.netegrity.assertiongenerator.saml1.MaxUserAttributeLength

    Property Type       : integer

    Default value        : 1024

     

          For SAML2.0:

    Property name      : com.netegrity.assertiongenerator.saml2.MaxUserAttributeLength

    Property Type       : integer

    Default value        : 1024

     

    If user configures a value < 0 or value = 0 for any of the above attributes, then default value of 1024 will be used.

    ####################################################



  • 3.  Re: MaxUserAttributeLength Setting being ignored

    Posted Mar 19, 2015 10:58 AM

    I asked if it would still work in the wsfed.properties file and you said it would. Did not get the impression it needed to be set in both. Do I need to use both? Will it work if I only use the entiitlements.properties file?



  • 4.  Re: MaxUserAttributeLength Setting being ignored

    Posted Mar 19, 2015 11:03 AM

    brodginskicc

     

    Ahhh I see my typo (corrected that, my bad). Thank You for pointing it out.

     

    Until R12SP3CR09 wsfed.properties is used.

    Post R12SP3CR10 wsfed.properties is ignored and only EntitlementGenerator.properties is honored.

     

    The crux is only one of the properties file is honored, not both (wsfed.properties is the older way and EntitlementGenerator.properties is future).

     

    Hope this helps (and apologies again on the typo).

     

     

    Regards

     

    Hubert