Forum Discussion
PK_294685
Nimbostratus
NimbostratusBig-IP header authorization size is limited ??
Folks,
I have an iRule that pulls access session variables, base64encode and inserts into header as authorization. It was working fine until we start to receive too many values in the access session variable. I can see all the values in the session variable under event logs but the authorization is sending only 880 bytes of base64encoded token to backend servers (Cutting half of the token). My http header size in the profile is set to default and current header size not even near to that value(32768Bytes).
FYI- the incoming session variables are SAML attributes and i'm setting variables(set x [Access::session data get "somesamlvariable"] ) to store these saml attributes and sending them in the header as auth header.
Any help is appreciated!
3 Replies
JGCumulonimbus
Good to know you've got it sorted - and reported back!
- P_K
Altostratus
Hi Jie, Thanks for the response!
I checked the header size and found its not the issue..
No errors in the logs either . I tested different users and every user token is cutting at 880 bytes and assumed this is because of the too many values.Anyway, I found that its a limitation probably on the log local0 command. I log the token before sending it to backend servers, The logged token shows 880 bytes of base64encode token but the backend server logs show full token which is good.
In the conclusion, the whole token is being sent to backend but not logging the full token. - JG
How did you know it's because of "too many values"? Any error messages in the browser, or in the log?
