ACS Service Limitations
Published: April 7, 2011
Updated: December 9, 2011
Applies To: Windows Azure
Rules Executed Eight Times per Input Token
Whenever ACS receives an input token for a relying party application, the ACS rules engine executes all rules associated with that relying party application simultaneously. If the rules output additional claims not present in the input token, then all rules are executed again with those claims as the input values. Rule execution stops when no new claims are issued after an execution completes, or eight executions have completed (whichever comes first).
Management Service Limits Query Results
When using the Management Service to query rule groups for rules, the service limits the query result to no more than 100 rules. This is because the Management Service uses the Open Data (OData) protocol and returning 100 objects at a time (paging) is standard behavior for OData endpoints.
The result size for each of the ACS entities is as follows:
Everything else: 50
Larger result sets can only be handled by implementing paging in your Management Service client code. For pagination examples, see How to: Load Paged Results (WCF Data Services) (http://go.microsoft.com/fwlink/?LinkID=193452).
Incoming Claims Limit
In order for the ACS to process and successfully issue a security token, the number of claims in the incoming token must be equal to or no greater than 80. If the number of the incoming claims is greater than 80, the following error message is generated: The number of input claims (#) exceeds the limit (80).