
When using MarkLogic (10.0-6) HTTP Server with SAML authentication, I have the following error with long SAML assertions. More specifically the cutoff appears to be 16361 characters. Is it possible to adjust the server behavior?

<html>
<head><title>400 Request Header Or Cookie Too Large</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<center>Request Header Or Cookie Too Large</center>
</body>
</html>
Fan Li
    Are you sure that's the MarkLogic response? I invoked a module that echoes a request header and sent in a request with a header value with 16362 characters, and it returned just fine. – Mads Hansen Dec 17 '21 at 20:46

    @Mads Hansen Thanks for the suggestion. Upon closer look, it appears to be a load-balancer issue. – Fan Li Dec 18 '21 at 01:24

1 Answer


I believe this is likely an AWS ALB header size limit issue. According to this SO question and the AWS documentation, there is a hard limit on single header size (16K). As SAML assertions are typically long and verbose, I think this will unfortunately impact how SAML authentication can be used in MarkLogic as it is implemented now.

Fan Li
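An added example, not part of the original answer: a small Python check that sizes each request header line against the 16K single-header limit cited above and works out how much raw assertion XML fits once it is Base64-encoded. It assumes the limit is 16 * 1024 bytes counted over the whole `Name: value` line and that the assertion travels in one header; the header name `X-Example-SAML` and the padded sample assertion are constructed for illustration.

```python
import base64

# Assumption: the "16K" single-header limit from the answer, read as 16 KiB.
# Whether the proxy counts the header name and separator is not stated on the
# page; this sketch counts the full "Name: value" line without the CRLF.
SINGLE_HEADER_LIMIT = 16 * 1024

HEADER = "X-Example-SAML"  # hypothetical header name, not a MarkLogic or AWS one


def header_line_size(name: str, value: str) -> int:
    """Bytes occupied by one header line, excluding the trailing CRLF."""
    return len(f"{name}: {value}".encode("utf-8"))


def oversized_headers(headers: dict, limit: int = SINGLE_HEADER_LIMIT) -> list:
    """Return (name, size) for every header whose line exceeds the limit."""
    sized = ((n, header_line_size(n, v)) for n, v in headers.items())
    return [(n, s) for n, s in sized if s > limit]


def max_raw_assertion_bytes(name: str, limit: int = SINGLE_HEADER_LIMIT) -> int:
    """Largest raw XML size whose Base64 form still fits in one header line."""
    budget = limit - len(f"{name}: ".encode("utf-8"))
    return (budget // 4) * 3  # Base64 emits 4 characters per 3 input bytes


def sample_headers(raw_len: int) -> dict:
    """Constructed request headers carrying a padded stand-in assertion."""
    open_tag, close_tag = b"<saml:Assertion>", b"</saml:Assertion>"
    padding = b"A" * (raw_len - len(open_tag) - len(close_tag))
    raw = open_tag + padding + close_tag
    return {
        "Host": "example.test",
        HEADER: base64.b64encode(raw).decode("ascii"),
    }


if __name__ == "__main__":
    fit = max_raw_assertion_bytes(HEADER)
    print(f"raw assertion budget for {HEADER}: {fit} bytes")
    for size in (fit, fit + 1):
        print(size, oversized_headers(sample_headers(size)))
```

Because Base64 expands data by a third, the raw assertion budget is roughly 12 KB rather than 16 KB, so trimming attributes or group claims in the assertion is what brings a request back under the limit.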