SPNEGO negotiation giving llegalArgumentException: Request header is too large on EAP 6
Issue
- Using SPNEGO, the request header is too long (because of all the AD Groups) and is throwing a bad request (400).
- I was recently added to a bunch of Active Directory groups and SPNEGO stopped working for my user
- The first test in the JBoss Negotiation Toolkit is failing and logging the following debug message:
DEBUG [org.apache.coyote.http11.Http11Processor] (http--0.0.0.0-8080-1) Error parsing HTTP request header: java.lang.IllegalArgumentException: Request header is too large
Environment
- Red Hat JBoss Enterprise Application Platform (EAP) 6
- SPNEGO/Kerberos authentication
- User has a large number of groups assigned
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
