locked
ACS Processing >99 input claims RRS feed

  • Question

  • I have an application where I'm transforming AD Group membership claims --> ACS claims. Members of the organization may belong to many groups. It is not unusual to have users with > 100 groups (QA, Dev, senior leadership). I've trimmed the number of output claims to something reasonable, but have no control over the set of input claims. Is there any way to request a larger number of permitted input claims? The message I get back is:

    HTTP Error Code: 403
    Message: ACS50000: There was an error issuing a token.
    Inner Message: ACS60000: An error occurred while processing rules for relying party 'https://[rpa name removed/]' using issuer 'http://[adfs endpoint removed]'.
    Inner Message: ACS60012: The number of input claims (99) exceeds the limit (80).
    Trace ID: 45f378f9-d7f2-4e35-be56-0f0e44a50f81
    Timestamp: 2012-03-21 15:37:33Z


    Scott Seely

    Wednesday, March 21, 2012 3:48 PM

Answers

  • We wound up creating ~70 group claim filters on the ADFS side. The filtering is seen at the client as a difficult to maintain workaround. Will be looking for ACS to increase the limits to something reasonable in the near future.

    Scott Seely

    • Marked as answer by Scott Seely Monday, April 2, 2012 12:10 PM
    Monday, April 2, 2012 12:10 PM

All replies

    • Marked as answer by Arwind - MSFT Tuesday, March 27, 2012 11:37 AM
    • Unmarked as answer by Scott Seely Tuesday, March 27, 2012 2:19 PM
    Thursday, March 22, 2012 6:55 AM
  • That article helps a bit in telling me that there are higher limits with AD.

    Right now, we are pursuing a path of doing the filtering on the Windows ADFS side instead of transforming the claimset on ACS.


    Scott Seely

    Tuesday, March 27, 2012 2:21 PM
  • Configuring at your IdP may be your best option. This limit is not configurable on the ACS side.
    • Marked as answer by Arwind - MSFT Monday, April 2, 2012 3:59 AM
    • Unmarked as answer by Scott Seely Monday, April 2, 2012 12:08 PM
    Tuesday, March 27, 2012 9:19 PM
  • We wound up creating ~70 group claim filters on the ADFS side. The filtering is seen at the client as a difficult to maintain workaround. Will be looking for ACS to increase the limits to something reasonable in the near future.

    Scott Seely

    • Marked as answer by Scott Seely Monday, April 2, 2012 12:10 PM
    Monday, April 2, 2012 12:10 PM
  • Hi,

    I deployed ACS+ADFS 1 year ago and now we start to receive the same issue so the limit of 80 was exceeded. Si there a solution for that?

    Is there a way to increase this limit?

    Thanks 


    Lourh

    Wednesday, November 5, 2014 6:12 PM
  • Start by opening up a support ticket with Windows Azure and ask to get the limit bumped. The final fix wound up being a request to the ACS team to raise the limit.

    When I posted this issue a few years back, I wasn't working for Microsoft. Please post back if you have issues getting the limit raised on your ACS instance.


    Scott Seely

    Wednesday, November 5, 2014 8:18 PM