ACS Processing >99 input claims
-
21. března 2012 15:48
I have an application where I'm transforming AD Group membership claims --> ACS claims. Members of the organization may belong to many groups. It is not unusual to have users with > 100 groups (QA, Dev, senior leadership). I've trimmed the number of output claims to something reasonable, but have no control over the set of input claims. Is there any way to request a larger number of permitted input claims? The message I get back is:
HTTP Error Code: 403
Message: ACS50000: There was an error issuing a token.
Inner Message: ACS60000: An error occurred while processing rules for relying party 'https://[rpa name removed/]' using issuer 'http://[adfs endpoint removed]'.
Inner Message: ACS60012: The number of input claims (99) exceeds the limit (80).
Trace ID: 45f378f9-d7f2-4e35-be56-0f0e44a50f81
Timestamp: 2012-03-21 15:37:33ZScott Seely
Všechny reakce
-
22. března 2012 6:55
Refer to this link to see if helps:
- Označen jako odpověď Arwind - MSFTModerator 27. března 2012 11:37
- Zrušeno označení jako odpověď Scott Seely 27. března 2012 14:19
-
27. března 2012 14:21
That article helps a bit in telling me that there are higher limits with AD.
Right now, we are pursuing a path of doing the filtering on the Windows ADFS side instead of transforming the claimset on ACS.
Scott Seely
-
27. března 2012 21:19Configuring at your IdP may be your best option. This limit is not configurable on the ACS side.
- Označen jako odpověď Arwind - MSFTModerator 2. dubna 2012 3:59
- Zrušeno označení jako odpověď Scott Seely 2. dubna 2012 12:08
-
2. dubna 2012 12:10 We wound up creating ~70 group claim filters on the ADFS side. The filtering is seen at the client as a difficult to maintain workaround. Will be looking for ACS to increase the limits to something reasonable in the near future.
Scott Seely
- Označen jako odpověď Scott Seely 2. dubna 2012 12:10
