Salesforce1 App gives 404 error

    Applies to:
  • Legacy SecureAuth IdP
Deployment model:
  • On Premises
  • SecureAuth IdP Version affected: All
    When trying to use Salesforce1 App it gives a 404 error. Using a browser to go to the same address works fine.
    A change in the App is causing massive query strings which is exceeding the limit

    In the IIS log, you should see the full error code is 404 15

    What the sub code of 15 means is "The Request Filtering module rejected a request with a too long query string." Eg, with the ginormous SAML that Salesforce1 App sends, it exceeds the Proxy/IIS limits by some margin and causes a 404 to be seen.



    To fix this issue, use Configuration Editor to increase the maxQueryString size and the maxURL size

    SalesForce has made a change that has pushed the QueryString over the normal limits.

    1. Open IIS
    2. Navigate to the Default Web Site
    3. In the Features View, click on Configuration Editor
    4. In Configuration Editor, Change the Section to system.webServer/security/requestFiltering


    5. Increase the maxQueryString and maxURL (See above screenshot for example limits)
    6. Apply the changes
    7. Repeat the change on any other IdPs

    Special Considerations:

    It's best practice to keep the MaxQueryString and MaxURL to as small a value as possible to avoid injection attacks so if you can get the App Vendor to reduce the size of the query, that's a better approach.

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    0 out of 0 found this helpful



    Please sign in to leave a comment.