[RADIATOR] Reply packet too long

Markus Ludwig Grandpre markus.grandpre at uni-konstanz.de
Wed Sep 14 06:41:34 CDT 2011 

Hello list,

I try to send a SAML assertion as an attribute in a Access-Accept
packet, but packet is too long (when using UDP). Is there a possibility
to distribute content of Access-Accept packet to several packets?

Your help is appreciated,
Markus Grandpre, RZ Uni Konstanz


Radiator configuration:
-----------------------

AddToReply SAML-AAA-Assertion = <saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
IssueInstant="2011-03-19T08:30:00Z" ID="foo"
Version="2.0"><saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer><saml:AttributeStatement><saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>cantor.2 at osu.edu</saml:AttributeValue></saml:Attribute><saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>moonshot</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>


Radiator log:
-------------

Code:       Access-Accept
Identifier: 14
Authentic:  ><152><183>`<240>J<203>8F<197><221><198>j<241>cT
Attributes:
        User-Name = "user"
        EAP-Message = <3><7><0><4>
        Message-Authenticator =
<0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        SAML-AAA-Assertion = "<saml:Assertion
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
IssueInstant="2011-03-19T08:30:00Z" ID="foo"
Version="2.0"><saml:Issuer>urn:mace:incommon:osu.edu</saml:Issuer><saml:AttributeStatement><saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>test</saml:AttributeValue></saml:Attribute><saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7"><saml:AttributeValue>test</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>"
        MS-MPPE-Send-Key =
<243>6b<18>$<213><187><18>f<28><199><200><205>y_Y<251><248>?6<141><155><192>1=<159><214><222><203><254>;<186>
        MS-MPPE-Recv-Key =
<248><28>pg(<249><212>Mu<244><168><5><246><255><1><200><28><182><251><132>^<7>UZ<169>~<8><152>m<185><147><128>

Error Message (sshd):
---------------------

sshd[28902]: debug1: Unspecified GSS failure.  Minor code may provide
more information\ninvalid packet: WARNING: Malformed RADIUS packet from
host (null): attribute 62 data overflows the packet (udp.c:118)\n

More information about the radiator mailing list