Solutions
ForgeRock Identity Platform
Does not apply to Identity Cloud

content length too large error when sending and receiving SAML requests in AM (All versions)

Last updated May 10, 2022

The purpose of this article is to provide assistance if you encounter a "content length too large" error when sending and receiving SAML requests in AM. You may also see an "HTTP Status 400 - Content length of the SOAP request is too long" message in the browser.


Symptoms

Errors similar to the following are shown in the debug logs:

  • Federation debug log:

    libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main] HttpRequest content length= 21709
    libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main]  content length too large21709
    libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main]  SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp

  • Authentication debug log:

    amAuthSAML2:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main]: TransactionId[49fa5c97-841b-a433-41d5-42f76963c271-417578699] ERROR: SAML2Proxy: content length too large

You may also see the following message in the browser when this occurs:

HTTP Status 400 - Content length of the SOAP request is too long

Recent Changes

N/A

Causes

The content length of the SAML request exceeds the value set for the Maximum allowed content length property. The default value for this property is 20480 (bytes).

Solution

This issue can be resolved by increasing the value of the Maximum allowed content length property to a value greater than the length reported in the debug log. There is no recommended value for this property; it exists to prevent exceptionally long requests from being processed, so set it to allow the expected length of requests in your environment.

You can change this property using either the console, Amster or ssoadm:

  • Console: navigate to Configure > Global Services > Common Federation Configuration > Maximum allowed content length and enter a new maximum content length value.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
    • Entity: CommonFederationConfiguration
    • Property: maxContentLength
  • ssoadm: enter the following command:

    $ ./ssoadm set-attr-defs -s sunFAMFederationCommon -t global -u [adminID] -f [passwordfile] -a MaxContentLength=[maxlength]

    replacing [adminID], [passwordfile] and [maxlength] with appropriate values.

Note

You must restart the web application container in which AM runs to apply these configuration changes.
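
To choose the new value from the lengths reported in the Federation debug log, the following Python script is an added example (not ForgeRock code) that separates rejected requests a raised limit should admit from outliers worth investigating. The last two sample log lines, the one-entry-per-line layout, and the `expected_ceiling` parameter are assumptions made for this example.

```python
import re

DEFAULT_MAX_CONTENT_LENGTH = 20480  # default stated in the article, in bytes

# libSAML appends the length directly to the message ("too large21709").
# The amAuthSAML2 line carries no length, so it is deliberately not matched.
REJECTED = re.compile(r"^libSAML:.*content length too large\s*(\d+)$")

# First three lines follow the article's log excerpt; the last two are constructed.
SAMPLE_LOG = """\
libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main] HttpRequest content length= 21709
libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main]  content length too large21709
amAuthSAML2:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main]: TransactionId[49fa5c97-841b-a433-41d5-42f76963c271-417578699] ERROR: SAML2Proxy: content length too large
libSAML:10/11/2021 11:25:41:102 AM CET: Thread[http-nio-8080-exec-4,5,main]  content length too large23950
libSAML:10/11/2021 11:31:13:020 AM CET: Thread[http-nio-8080-exec-2,5,main]  content length too large5242880
"""


def rejected_lengths(log_text):
    """Return the request lengths libSAML reported as too large, in log order."""
    lengths = []
    for line in log_text.splitlines():
        match = REJECTED.match(line.strip())
        if match:
            lengths.append(int(match.group(1)))
    return lengths


def review(log_text, expected_ceiling, current=DEFAULT_MAX_CONTENT_LENGTH):
    """Split rejections into sizes the new limit should admit and outliers.

    expected_ceiling is an assumption supplied by the operator: the largest
    request size (bytes) considered legitimate in this environment.
    """
    # Lengths below the current limit were logged under an older, lower setting.
    relevant = [n for n in rejected_lengths(log_text) if n >= current]
    admit = sorted(n for n in relevant if n <= expected_ceiling)
    outliers = sorted(n for n in relevant if n > expected_ceiling)
    return {
        "must_exceed": max(admit) if admit else None,  # new value must be greater
        "admit": admit,
        "outliers": outliers,  # investigate these instead of raising the limit
    }


if __name__ == "__main__":
    print(review(SAMPLE_LOG, expected_ceiling=65536))
```

Requests listed under `outliers` are the exceptionally long ones the property is there to stop, so they are reported separately and do not drive the new value.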

See Also

SAML Federation in AM

Common Federation Configuration

Related Training

N/A

Related Issue Tracker IDs

N/A


Copyright and Trademarks Copyright © 2022 ForgeRock, all rights reserved.