SPNEGO negotiation giving IllegalArgumentException: Request header is too large on EAP 6

Solution Verified - Updated -

Issue

  • When using SPNEGO, the request header is too large (because of all the AD groups) and the server returns a bad request (400).
  • I was recently added to a bunch of Active Directory groups and SPNEGO stopped working for my user.
  • The first test in the JBoss Negotiation Toolkit is failing and logging the following debug message:
DEBUG [org.apache.coyote.http11.Http11Processor] (http--0.0.0.0-8080-1) Error parsing HTTP request header: java.lang.IllegalArgumentException: Request header is too large

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP) 6
  • SPNEGO/Kerberos authentication
  • User has a large number of groups assigned
