Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make max byte size configurable #598

Closed
dblessing opened this issue Jun 22, 2021 · 2 comments
Closed

Make max byte size configurable #598

dblessing opened this issue Jun 22, 2021 · 2 comments

Comments

@dblessing
Copy link

533c84e mitigated a vulnerability by creating a static max byte size (related to #383). We've encountered some cases where the SAML Response exceeds this size due to custom claims, such as when including groups a user is a member of.

For this reason, it would be great if the max byte size was configurable.

@pitbulk Do you think this would be a good feature?
@pitbulk
Copy link
Collaborator

pitbulk commented Jun 22, 2021

What byte size has your SAMLResponse?

@dblessing
Copy link
Author

@pitbulk In one case it looks like it was just less than .6MB. We believe some are even larger.

If it's configurable then each instance can increase it if necessary - otherwise it remains the low .25MB default.

@gitlab-djensen gitlab-djensen mentioned this issue Jul 15, 2021
Merged
2 tasks
@pitbulk pitbulk closed this as completed Feb 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pitbulk @dblessing