SPNEGO negotiation giving IllegalArgumentException: Request header is too large on EAP 6


Issue

  • Using SPNEGO, the request header is too long (because of all the AD groups) and the request fails with a bad request (400).
  • I was recently added to a bunch of Active Directory groups and SPNEGO stopped working for my user.
  • The first test in the JBoss Negotiation Toolkit is failing and logging the following debug message:
DEBUG [org.apache.coyote.http11.Http11Processor] (http--0.0.0.0-8080-1) Error parsing HTTP request header: java.lang.IllegalArgumentException: Request header is too large

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 6
  • SPNEGO/Kerberos authentication
  • User has a large number of groups assigned
