Spnego Kerberos Token Size

[Performance666]

Hi,

I'm having a very peculiar problem... I have set up sso (spnego) + Active Directory on Zimbra Collaboration 8.6 and it works perfectly for 99% of my users... But the users that are members of many groups or acl can't logon, they get a 413 error and the screen stays blank.

I had the same problem with Apache hosted applications, but I found a configuration tag that solves the problem raising the request field size to " LimitRequestFieldSize 32768".

How can I do something similar on Zimbra? Tried many Nginx configurations tag like "large_client_header_buffers 4 12k" on /opt/zimbra/conf/nginx/templates/nginx.conf.web.template but have not succeeded... Any help would be appreciated!


Thanks in Advance.

[msquadrat]

According to the nginx docs you should get a 400 instead of a 413 if the header size is exceeded. So the error is probably coming from the jetty backend. I did have a look at the httpConfig in mailboxd/etc/jetty.xml.in and found the Configuration option zimbraHttpRequestHeaderSize which defaults to 8192 (the same default value as in nginx). (This option should probably be used in the reverse proxy as well to actually make it useful.)

[syslov08]

Did you fix this problem? I have the same problem on zimbra 9