On CAS 6, when we use *wsfederation*, the cookie *WSFEDDELSESSION* has a size below *3kB* on the initial */wsfedredirect* request. Every next request regenerates the *WSFEDDELSESSION* cookie with a similar size.

After migration to CAS 7 we have noticed that the *WSFEDDELSESSION* cookie size is a little bigger on the first request but it exceeds *8kB* on the second request. The browser denies accepting HTTP headers bigger than *4kB*, so the cookie is ignored and remains with the previous value.

After some investigation I think there is some misuse of the Service instance when it is stored as a cookie in *WsFederationCookieManager*:

https://github.com/apereo/cas/blob/0c18494fe7203dd31deb770ab49e620549d2b7e9/support/cas-server-support-wsfederation/src/main/java/org/apereo/cas/support/wsfederation/web/WsFederationCookieManager.java#L99

In CAS 7 there is a change in the attributes populated on the Service compared to the CAS 6 implementation:

https://github.com/apereo/cas/blob/0c18494fe7203dd31deb770ab49e620549d2b7e9/core/cas-server-core-services-authentication/src/main/java/org/apereo/cas/authentication/principal/AbstractServiceFactory.java#L113

These request-oriented fields contain the values of cookies, and on the second */wsfedredirect* request one of these cookies is the *WSFEDDELSESSION* cookie. After Service serialization it is substantially bigger because the value of this cookie is about *2,5kB* and it is repeated twice in the Service attributes list (in *jakarta.servlet.http.HttpServletRequest.cookie-WSFEDDELSESSION* and in *jakarta.servlet.http.HttpServletRequest.header-Cookie*).

In CAS 6 the Service instance has no request-oriented fields, so cookies are not serialized into the *WSFEDDELSESSION* cookie.
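
The feedback loop described in the message above, as an added Python model (not part of the original post and not CAS code): the session cookie is rebuilt from a Service whose attributes include the previous cookie twice. The JSON plus base64 encoding, the sample service URL, the filler state and the `strip_request_attributes` filter are assumptions made for illustration; the filter is one possible mitigation, not the project's fix.

```python
import base64
import json

BROWSER_LIMIT = 4096  # the 4kB limit the post describes
COOKIE = "WSFEDDELSESSION"
PREFIX = "jakarta.servlet.http.HttpServletRequest."  # attribute prefix quoted in the post


def build_service_attributes(request_cookies):
    """Model of the CAS 7 behaviour: request cookies and the Cookie header become Service attributes."""
    attrs = {"service": "https://app.example.org/"}  # constructed sample value
    for name, value in request_cookies.items():
        attrs[PREFIX + "cookie-" + name] = value
    if request_cookies:
        attrs[PREFIX + "header-Cookie"] = "; ".join(
            f"{n}={v}" for n, v in request_cookies.items())
    return attrs


def strip_request_attributes(attrs):
    """Hypothetical mitigation: drop request-derived attributes before the Service is serialized."""
    return {k: v for k, v in attrs.items() if not k.startswith(PREFIX)}


def encode_session_cookie(attrs, state):
    """Stand-in for CAS serialization (assumption): JSON, then URL-safe base64."""
    payload = json.dumps({"service": attrs, "state": state}).encode()
    return base64.urlsafe_b64encode(payload).decode()


def simulate(requests, sanitize):
    """Return the Set-Cookie value size for each /wsfedredirect request in turn."""
    jar, sizes = {}, []
    state = "x" * 1800  # constructed filler for the rest of the session data
    for _ in range(requests):
        attrs = build_service_attributes(jar)
        if sanitize:
            attrs = strip_request_attributes(attrs)
        value = encode_session_cookie(attrs, state)
        sizes.append(len(value))
        if len(value) <= BROWSER_LIMIT:
            jar[COOKIE] = value  # browser stores the new cookie
        # otherwise the browser ignores it and keeps the previous value
    return sizes


if __name__ == "__main__":
    print("request attributes kept:    ", simulate(3, sanitize=False))
    print("request attributes stripped:", simulate(3, sanitize=True))
```

In this model the oversized cookie is never stored, so every later request recomputes the same oversized value from the stale first cookie, which matches the "remains with the previous value" behaviour in the report.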