How to decrease SAML token size


Problem description

Using SAML 1.1 and looking via fiddler, having 50 or so claims, the token easily goes to 15-20K. Seems a bit excessive to pass around a token of that size. Is there a way to decrease the size? Possibly remove the whole X509 structure? Besides GZip, anything that can be done to decrease the size when it is serialized?

Recommended answer

In the RTM bits, setting SessionAuthenticationModule.IsSessionMode = true provides a "session mode" for passive clients, similar to WCF active clients. In this mode, only a relatively small context id is put on the wire, not the entire session token.

The relying party site has always maintained a cache of the tokens received to reduce the time needed to parse and validate an incoming cookie, but a cache miss could be reconstructed from the cookie. In session mode, the entries are not removed from the cache until the user signs out. This may incur higher memory usage on the server site.

Also, like any passive scenario, the site should be accessed over a secure (https) connection since the token is a bearer token and must be protected against theft.

To set the above parameter, add an event handler for the SessionSecurityTokenCreated event either to the Global application object (as shown below) or the passive signin control.

    void WSFederationAuthenticationModule_SessionSecurityTokenCreated( object sender, Microsoft.IdentityModel.Web.SessionSecurityTokenCreatedEventArgs e )
    {
        Microsoft.IdentityModel.Web.FederatedAuthentication.SessionAuthenticationModule.IsSessionMode = true;
    }
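
The trade-off described in the answer above, as an added, self-contained C# model that is not part of the original answer and does not use WIF types: it compares the cookie size for a by-value session token with a context-id-only cookie, then shows what each mode can recover after the server-side cache is lost. All names (`SessionCookieModel`, `Issue`, `Resolve`), the cookie layout and the claim URIs are constructed for illustration, and cookie protection is left out.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Hypothetical model, not WIF code. Cookie encryption and signing are omitted.
static class SessionCookieModel
{
    // Stands in for the relying party's server-side token cache.
    static readonly Dictionary<string, string> Cache = new Dictionary<string, string>();

    // Constructed sample: 50 claims as text, standing in for a session token.
    static string BuildToken() => string.Join(";", Enumerable.Range(1, 50)
        .Select(i => $"http://schemas.example.test/claims/claim{i}=value-{i:D4}"));

    static string NewContextId()
    {
        var bytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Session mode puts only the context id in the cookie; otherwise the token travels too.
    static string Issue(string token, bool sessionMode)
    {
        string id = NewContextId();
        Cache[id] = token;
        return sessionMode ? id : id + "|" + Convert.ToBase64String(Encoding.UTF8.GetBytes(token));
    }

    // Returns the token, or null when the caller has to authenticate again.
    static string Resolve(string cookie)
    {
        var parts = cookie.Split('|');
        if (Cache.TryGetValue(parts[0], out var token)) return token;  // cache hit
        if (parts.Length == 2) return Encoding.UTF8.GetString(Convert.FromBase64String(parts[1]));
        return null;  // session mode: nothing in the cookie to rebuild from
    }

    static void Main()
    {
        string byValue = Issue(BuildToken(), false), byRef = Issue(BuildToken(), true);
        Console.WriteLine($"by-value cookie: {byValue.Length} chars, session-mode cookie: {byRef.Length} chars");
        Cache.Clear();  // simulate losing the cache, e.g. an application restart
        Console.WriteLine($"by-value after cache loss: {(Resolve(byValue) != null ? "rebuilt from cookie" : "lost")}");
        Console.WriteLine($"session mode after cache loss: {(Resolve(byRef) != null ? "resolved" : "must re-authenticate")}");
    }
}
```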

