After setting maxQueryString and maxURL within IIS Manager, you may be presented with the same 404 error message

Follow
    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Cloud
  • Hybrid
  • On Premises
  • Version Affected:  9.2+

    Description:  

    When attempting to login to a realm via a Service Provider, the end-user may encounter a 404 error message.

     

    Cause:  

    The Service Provider is sending a query strings which is exceeding the limit set within IIS.

    In the IIS log, you should see the full error code is 404 15.

    What the sub code of 15 means is "The Request Filtering module rejected a request with a too long query string." Eg, The service provider is sending such a large AuthN request and other parameters in the query string that it exceeds the limits by some margin and causes a 404 to be seen.

     

    Resolution:  

    To resolve this issue, you may be required to manually edit the web.config for the realm having the issue.

    1. Open your IdP administration console

    2. Go to the Classic Admin/Advance Settings

    mceclip0.png

    3. Click on Admin Realm

    mceclip1.png

    4. Select the realm having the issue in the list

    5. Click on the 'System Info' tab on the top

    mceclip2.png

    6. Click on the Decrypt button

    mceclip3.png

    7. Open file explorer and browse to D:\SecureAuth\SecureAuthXXX, where XXX is the realm having the issue

    8. Open the web.config file using Notepad, or your normal text editing tool

    mceclip4.png

    9. Search for 'httpruntime' and find this section of the file

    10. Change the 'maxQueryStringLength' with a value of at least what was set in IIS Manager, or larger.

    11. Test to see if the realm is working properly again.

    <httpRuntime enableVersionHeader="false" requestValidationMode="2.0" targetFramework="4.7.2" maxQueryStringLength="4096" />

    12. If the issue is not resolved add 'maxUrlLength' before or after the 'maxQueryStringLength' with a value of at least what was set in IIS Manager, or larger.

    <httpRuntime enableVersionHeader="false" requestValidationMode="2.0" targetFramework="4.7.2" maxUrlLength="8192" maxQueryStringLength="4096" />

     

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful

    Comments

    0 comments

    Please sign in to leave a comment.