SPNEGO negotiation giving llegalArgumentException: Request header is too large on EAP 6

Solution Verified - Updated -


  • Using SPNEGO, the request header is too long (because of all the AD Groups) and is throwing a bad request (400).
  • I was recently added to a bunch of Active Directory groups and SPNEGO stopped working for my user
  • The first test in the JBoss Negotiation Toolkit is failing and logging the following debug message:
DEBUG [org.apache.coyote.http11.Http11Processor] (http-- Error parsing HTTP request header: java.lang.IllegalArgumentException: Request header is too large


  • Red Hat JBoss Enterprise Application Platform (EAP) 6
  • SPNEGO/Kerberos authentication
  • User has a large number of groups assigned

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In