ForgeRock Identity Platform
Does not apply to Identity Cloud

Agent (All versions) does not redirect user correctly if the redirect URL is too long

Last updated Jan 11, 2023

The purpose of this article is to provide assistance if users are not redirected by the Agent as expected when the redirect URL is too long. This issue affects both Web and Java Agents.


The user is redirected incorrectly when the redirect URL is too long; shortening the URL results in a successful redirection.

An error similar to the following is shown in the patternMatching debug log when this happens:

RedirectUrlValidator.isRedirectUrlValid: The url was length nnnn which is longer than the allowed maximum of 2000

Where nnnn signifies the length of the redirect URL.

Recent Changes



The maximum redirect URL that can be validated by AM is 2000 characters by default. If the length of the URL exceeds this, validation of the requested goto URL will not succeed and therefore does not redirect to the expected page.


This issue can be resolved by increasing the maximum length of the redirect URL to at least the number stated in the patternMatching debug log. This is an advanced property (org.forgerock.openam.redirecturlvalidator.maxUrlLength).

You can update this property using either the AM admin UI, Amster or ssoadm:

  • AM admin UI: navigate to: Configure > Server Defaults > Advanced > org.forgerock.openam.redirecturlvalidator.maxUrlLength and enter the maximum redirect URL length that can be validated.
  • Amster: follow the steps in How do I update property values in AM (All versions) using Amster? with these values:
    • Entity: DefaultAdvancedProperties
    • Property: org.forgerock.openam.redirecturlvalidator.maxUrlLength
  • ssoadm: enter the following command: $ ./ssoadm update-server-cfg -s default -u [adminID] -f [passwordfile] -a org.forgerock.openam.redirecturlvalidator.maxUrlLength=[length]replacing [adminID], [passwordfile] and [length] with appropriate values.

You must restart the web application container in which AM runs to apply these configuration changes.

See Also

redirect_uri_mismatch error occurs after upgrading to, or installing Agents (All versions)

Agents and policies in AM

Advanced Properties

Related Training


Related Issue Tracker IDs


Copyright and Trademarks Copyright © 2023 ForgeRock, all rights reserved.