Skip to main content
Skip table of contents

Kerberos SSO "Request header is too large" exception with Tomcat Application server


Single Sign on fails with spnegosecurity profile properly setup. In the catalina.yyyy-mm-dd.log file, the following, or similar, error message appears

INFO [http-apr-8080-exec-7] org.apache.coyote.http11.AbstractHttp11Processor.process Error parsing HTTP request header
Note: further occurrences of HTTP header parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Request header is too large
at org.apache.coyote.http11.InternalAprInputBuffer.fill(
at org.apache.coyote.http11.InternalAprInputBuffer.parseHeader(
at org.apache.coyote.http11.InternalAprInputBuffer.parseHeaders(
at org.apache.coyote.http11.AbstractHttp11Processor.process(
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(
at java.util.concurrent.ThreadPoolExecutor.runWorker(
at java.util.concurrent.ThreadPoolExecutor$
at org.apache.tomcat.util.threads.TaskThread$


It is likely that the tokensize of the security tokens of Kerberos were altered to have a bigger size. This can be done by the Kerberos Administrator for various reasons. The server.xml configuration file of the Tomcat server can be altered to handle the tokensize.

Changes to be done to the server.xml in the \apache-tomcat-8.0.36\conf path

  1. Edit the server.xml, using an adequate editor
  2. Find the "connection" section
  3. add the parameter maxHttpHeaderSize="xxxxx"
  4. save the file
  5. restart the Platform service

The maxHeaderHttpSize parameter can be set to the exact value of the tokensize or higher. If no such parameter is given, the default size of 128 (bit) is used.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.