The message “Request Header Fields Too Large” can appear in application servers when Windows Authentication is used with our applications.
Prerequisites
- Version 24.4 or newer
- Deployment of *.war or *.ear in an application server, such as Tomcat
Symptom
- Users with a large number of group memberships receive a “Request Header Fields Too Large” response with HTTP status code 431 or 400
Reason
- Since v24.4, the Windows Authentication plugin supports negotiation using Kerberos tickets. These tickets can get large, depending on the user's group memberships. See reference
Solution
Do one of the following to resolve the issue:
- Temporary: In the Login Settings of the application's Configuration Manager, change the Negotiate + NTLM setting to NTLM
- Recommended: Change the maximum HTTP request header size in your application server (e.g. Tomcat), for example to 64k. Details about how to do this can be found in your application server’s documentation.
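
To check a Tomcat configuration against the recommended fix, the following added example (not part of the original article or the product) reads a server.xml and reports which HTTP connectors would reject a Negotiate header carrying a Kerberos token of a given size. It relies on Tomcat's Connector attribute maxHttpHeaderSize, which defaults to 8192 bytes when not set. The sample server.xml, the 12000-byte token and the 2048-byte allowance for the request line and other headers are constructed assumptions.

```python
import xml.etree.ElementTree as ET

TOMCAT_DEFAULT_MAX_HEADER = 8192  # Tomcat default for maxHttpHeaderSize, in bytes

# Constructed sample: one connector on the default, one raised to 64k, one AJP.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxHttpHeaderSize="65536"/>
    <Connector port="8009" protocol="AJP/1.3"/>
  </Service>
</Server>"""


def negotiate_header_bytes(token_bytes):
    """Bytes used by 'Authorization: Negotiate <base64 token>' plus CRLF."""
    b64_len = 4 * ((token_bytes + 2) // 3)  # base64 expands 3 bytes to 4 chars
    return len("Authorization: Negotiate ") + b64_len + 2


def audit_connectors(server_xml, token_bytes, other_headers_bytes=2048):
    """Return (port, limit, ok) for every HTTP connector in server_xml.

    other_headers_bytes is an assumed allowance for the request line,
    cookies and remaining headers, which count against the same limit.
    """
    needed = negotiate_header_bytes(token_bytes) + other_headers_bytes
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        # AJP connectors do not use maxHttpHeaderSize, so skip them.
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue
        limit = int(conn.get("maxHttpHeaderSize", TOMCAT_DEFAULT_MAX_HEADER))
        results.append((conn.get("port"), limit, limit >= needed))
    return results


if __name__ == "__main__":
    # 12000 bytes is a constructed sample token size for a user in many groups.
    for port, limit, ok in audit_connectors(SAMPLE_SERVER_XML, 12000):
        state = "ok" if ok else "too small: expect HTTP 431/400"
        print(f"connector {port}: maxHttpHeaderSize={limit} -> {state}")
```

Pick the new limit from the largest token you actually expect rather than setting it as high as possible, since the value bounds how much header data each connection may send.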