HTTP 400 - Bad Request (Request Header too long) in ADFS page RRS feed

  • Question

  • Team, Let me know if any one gone through this error before ? 

    We have one user happen to see this problem when opening webpage which is added as a relying party trust in ADFS 3.0, the error is -  HTTP 400 - Bad Request (Request Header too long).

    It is same in different machine. 

    It is happening to all the Relying parties he has, it goes away by clearing the session cookies or opening in private window.

    I saw the below URL but I am not certiain whether user is having max token value. https://support.microsoft.com/en-in/help/2020943/http-400-bad-request-request-header-too-long-response-to-http-request

    Currently user is member of 700 groups ( this include nested one) . 

    I did the MS script which says the effective Max token size for ADFS is 48000 and estimated token size including the delegation is 17008 so that is within the limit. And no problem not detected. 

    Wednesday, December 11, 2019 7:41 PM

All replies

  • This indeed looks like max token issue, try reducing the group memberships for testing.

    Mark the answer if it helps you.

    Thursday, December 12, 2019 7:49 AM