SPNEGO negotiation giving llegalArgumentException: Request header is too large on EAP 6
Issue
- Using SPNEGO, the request header is too long (because of all the AD Groups) and is throwing a bad request (400).
- I was recently added to a bunch of Active Directory groups and SPNEGO stopped working for my user
- The first test in the JBoss Negotiation Toolkit is failing and logging the following debug message:
DEBUG [org.apache.coyote.http11.Http11Processor] (http--0.0.0.0-8080-1) Error parsing HTTP request header: java.lang.IllegalArgumentException: Request header is too large
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 6
- SPNEGO/Kerberos authentication
- User has a large number of groups assigned
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.