[RADIATOR] Reply packet too long

Heikki Vatiainen hvn at open.com.au
Wed Sep 14 07:35:03 CDT 2011


On 09/14/2011 03:19 PM, Markus Ludwig Grandpre wrote:

>> Try adding three SAML-AAA-Assertion attributes instead of one. Your
>> attribute seems to be over 600 characters which is way more than the 8
>> bit attribute length field can carry.
>>
>> The receiver may be able to concatenate the attributes back into one value.
> 
> Yes, the receiver is able to concatenate the attributes back into one
> value. But dividing SAML content to three SAML-AAA-Assertions:

Try this instead:

AddToReply SAML-AAA-Assertion=part1,SAML-AAA-Assertion=part2, ...

That is, use AddToReply only once but with multiple attributes.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list