ACS Service Limitations

Published: April 7, 2011

Updated: December 9, 2011

Applies To: Windows Azure

Rules Executed Eight Times per Input Token

Whenever ACS receives an input token for a relying party application, the ACS rules engine executes all rules associated with that relying party application simultaneously. If the rules output additional claims not present in the input token, then all rules are executed again with those claims as the input values. Rule execution stops when no new claims are issued after an execution completes, or eight executions have completed (whichever comes first).

Management Service Limits Query Results

When using the Management Service to query rule groups for rules, the service limits the query result to no more than 100 rules. This is because the Management Service uses the Open Data (OData) protocol and returning 100 objects at a time (paging) is standard behavior for OData endpoints.

The result size for each of the ACS entities is as follows:

• Rules: 100
  
  
• Everything else: 50
  
  

Larger result sets can only be handled by implementing paging in your Management Service client code. For pagination examples, see How to: Load Paged Results (WCF Data Services) (http://go.microsoft.com/fwlink/?LinkID=193452).

Incoming Claims Limit

In order for the ACS to process and successfully issue a security token, the number of claims in the incoming token must be equal to or no greater than 80. If the number of the incoming claims is greater than 80, the following error message is generated: The number of input claims (#) exceeds the limit (80).