CA Client Automation

 View Only

SSO Kerberos fails when user in many groups

  • 1.  SSO Kerberos fails when user in many groups

    Posted May 17, 2018 09:32 AM

    HI All.


    I've just managed to get Single Sign On working in the Automic AWI. I found that IE would seemingly redirect to a 400 page and Chrome would be stuck obtaining a Kerberos token.  I found that it worked with another an admin user account and we thought it was down to browser settings but it was actually the number of AD groups that my user belong to. 


    The fix is to add the following part to the Connector in the Tomcat Server.xml file.

        <Connector port="443" protocol="org.apache.coyote.http11.Http11Protocol"
                keystoreFile="a_certificate" keystorePass="a_password"
                maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
                clientAuth="false" sslProtocol="TLS"


    This is the part you need - maxHttpHeaderSize="16384"