Version Affected: 9.2+
Description:
When attempting to login to a realm via a Service Provider, the end-user may encounter a 404 error message.
Cause:
The Service Provider is sending a query strings which is exceeding the limit set within IIS.
In the IIS log, you should see the full error code is 404 15.
What the sub code of 15 means is "The Request Filtering module rejected a request with a too long query string." Eg, The service provider is sending such a large AuthN request and other parameters in the query string that it exceeds the limits by some margin and causes a 404 to be seen.
Resolution:
To resolve this issue, you may be required to manually edit the web.config for the realm having the issue.
1. Open your IdP administration console 2. Go to the Classic Admin/Advance Settings |
|
3. Click on Admin Realm |
|
4. Select the realm having the issue in the list 5. Click on the 'System Info' tab on the top |
|
6. Click on the Decrypt button |
|
7. Open file explorer and browse to D:\SecureAuth\SecureAuthXXX, where XXX is the realm having the issue 8. Open the web.config file using Notepad, or your normal text editing tool |
|
9. Search for 'httpruntime' and find this section of the file 10. Change the 'maxQueryStringLength' with a value of at least what was set in IIS Manager, or larger. 11. Test to see if the realm is working properly again. |
<httpRuntime enableVersionHeader="false" requestValidationMode="2.0" targetFramework="4.7.2" maxQueryStringLength="4096" /> |
12. If the issue is not resolved add 'maxUrlLength' before or after the 'maxQueryStringLength' with a value of at least what was set in IIS Manager, or larger. |
<httpRuntime enableVersionHeader="false" requestValidationMode="2.0" targetFramework="4.7.2" maxUrlLength="8192" maxQueryStringLength="4096" /> |
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.