March 21, 2012 15:48
I have an application where I'm transforming AD Group membership claims --> ACS claims. Members of the organization may belong to many groups. It is not unusual to have users with > 100 groups (QA, Dev, senior leadership). I've trimmed the number of output claims to something reasonable, but have no control over the set of input claims. Is there any way to request a larger number of permitted input claims? The message I get back is:
HTTP Error Code: 403
Message: ACS50000: There was an error issuing a token.
Inner Message: ACS60000: An error occurred while processing rules for relying party 'https://[rpa name removed/]' using issuer 'http://[adfs endpoint removed]'.
Inner Message: ACS60012: The number of input claims (99) exceeds the limit (80).
Trace ID: 45f378f9-d7f2-4e35-be56-0f0e44a50f81
Timestamp: 2012-03-21 15:37:33Z
March 22, 2012 6:55
Refer to this link to see if it helps:
March 27, 2012 14:21
That article helps a bit in telling me that there are higher limits with AD.
Right now, we are pursuing a path of doing the filtering on the Windows ADFS side instead of transforming the claimset on ACS.
March 27, 2012 21:19
Configuring at your IdP may be your best option. This limit is not configurable on the ACS side.
April 2, 2012 12:10
We wound up creating ~70 group claim filters on the ADFS side. The filtering is seen at the client as a difficult-to-maintain workaround. Will be looking for ACS to increase the limits to something reasonable in the near future.
- Marked as answer by Scott Seely, April 2, 2012 12:10
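
An added example, not part of the thread and not ACS or ADFS code: a pre-flight check that counts the claims in an IdP-issued SAML 2.0 assertion against the 80-claim limit from the ACS60012 message, before and after a prefix-based group filter like the IdP-side filtering described above. The claim type URIs, the `App-` prefix, the constructed sample assertion, and the rule that each `AttributeValue` counts as one claim are assumptions.

```python
import xml.etree.ElementTree as ET

SAML2 = "urn:oasis:names:tc:SAML:2.0:assertion"
ACS_INPUT_CLAIM_LIMIT = 80  # limit quoted in the ACS60012 message
# Assumed claim type URIs; use whatever your IdP actually emits.
GROUP = "http://schemas.xmlsoap.org/claims/Group"
UPN = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"


def claims_from_assertion(xml_text):
    """Return (type, value) pairs; each AttributeValue is counted as one claim (assumption)."""
    # Intended for assertions you captured yourself, not for untrusted XML.
    root = ET.fromstring(xml_text)
    return [(attr.get("Name"), (val.text or "").strip())
            for attr in root.iter(f"{{{SAML2}}}Attribute")
            for val in attr.findall(f"{{{SAML2}}}AttributeValue")]


def filter_groups(claims, allowed_prefixes):
    """Pass non-group claims through; keep a group claim only if it matches a prefix."""
    prefixes = tuple(allowed_prefixes)
    return [(t, v) for t, v in claims if t != GROUP or v.startswith(prefixes)]


def within_limit(claims, limit=ACS_INPUT_CLAIM_LIMIT):
    return len(claims) <= limit


def build_sample():
    """Constructed assertion: 2 identity claims + 97 group claims = 99 claims."""
    groups = [f"App-{i}" for i in range(12)] + [f"Dept-{i}" for i in range(85)]

    def attr(name, values):
        body = "".join(f"<AttributeValue>{v}</AttributeValue>" for v in values)
        return f'<Attribute Name="{name}">{body}</Attribute>'

    return (f'<Assertion xmlns="{SAML2}"><AttributeStatement>'
            + attr(UPN, ["user@example.test"]) + attr(NAME, ["Sample User"])
            + attr(GROUP, groups) + "</AttributeStatement></Assertion>")


if __name__ == "__main__":
    raw = claims_from_assertion(build_sample())
    kept = filter_groups(raw, ["App-"])
    for label, claims in (("unfiltered", raw), ("filtered", kept)):
        print(f"{label}: {len(claims)} claims, within limit: {within_limit(claims)}")
```

Running the same count over real assertions for the users with the most group memberships shows how much headroom a given filter leaves under the limit.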