Errors similar to the following are shown in the debug logs:
- Federation debug log:libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main] HttpRequest content length= 21709 libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main] content length too large21709 libSAML:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main] SAMLUtils.sendError: error page/saml2/jsp/saml2error.jsp
- Authentication debug log:amAuthSAML2:10/11/2021 11:22:07:474 AM CET: Thread[http-nio-8080-exec-1,5,main]: TransactionId[49fa5c97-841b-a433-41d5-42f76963c271-417578699] ERROR: SAML2Proxy: content length too large
You may also see the following message in the browser when this occurs:HTTP Status 400 - Content length of the SOAP request is too long
The content length of the SAML request exceeds the value set for the Maximum allowed content length property. The default value for this property is 20480 (bytes).
This issue can be resolved by increasing the value of the Maximum allowed content length property to a value that is greater than the one reported in the debug log. There is not a recommended value for this property; it is there to prevent exceptionally long requests being processed and you should set it to allow the expected length of requests in your environment.
You can change this property using either the console, Amster or ssoadm:
- Console: navigate to: Configure > Global Services > Common Federation Configuration > Maximum allowed content length and enter a new maximum content length value.
Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
- Entity: CommonFederationConfiguration
- Property: maxContentLength
- ssoadm: enter the following command: $ ./ssoadm set-attr-defs -s sunFAMFederationCommon -t global -u [adminID] -f [passwordfile] -a MaxContentLength=[maxlength]replacing [adminID], [passwordfile] and [maxlength] with appropriate values.
You must restart the web application container in which AM runs to apply these configuration changes.