404 error with login.fcc with SP Initiated SAML 2.0

Article ID: 101617

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

When we hit the SP-initiated URL, we land on a 404 page for login.fcc.

We get the login page when we hit the IDP-initiated URL without any parameters.

The URL is over 2048 characters long.

The web server is IIS 7.5.

Cause

The URL's query string is longer than the IIS maxQueryString limit.

Environment

IIS 7.5

Resolution

The customer is receiving a 404.15 error. This means "The Request Filtering module rejected a request with a too long query string".

To fix this, increase the value of maxQueryString, which has a default value of 2048. The customer's query string was 2,248 bytes.

To do this, edit the IIS Web.config:
 
<system.webServer>
  <security>
    <requestFiltering>
      <requestLimits maxQueryString="4096"/>
    </requestFiltering>
  </security>
</system.webServer>
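
Before picking a new limit, it helps to confirm from the IIS logs which requests were rejected with 404.15 and how long their query strings actually were. The script below is an added example, not part of the original article or of any CA/Broadcom tooling. The log lines are constructed, the login.fcc path and parameter names are assumed, it assumes cs-uri-query and sc-substatus are enabled in W3C logging, and the 25% headroom rounded up to 1 KB is an illustrative sizing policy only.

```python
"""Added example: find 404.15 rejections in an IIS W3C log and size maxQueryString."""
from collections import defaultdict

# Constructed sample log (not from the article); paths and parameters are made up.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 7.5
#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status sc-substatus sc-win32-status
2020-01-01 10:00:00 GET /siteminderagent/forms/login.fcc TYPE=1&TARGET={q1} 404 15 0
2020-01-01 10:00:05 GET /siteminderagent/forms/login.fcc - 200 0 0
2020-01-01 10:00:09 GET /app/search q={q2} 404 15 0
2020-01-01 10:00:12 GET /missing.html - 404 0 2
""".format(q1="A" * 2234, q2="B" * 2098)


def rejected_query_lengths(log_text):
    """Return {uri_stem: longest rejected query length in bytes} for 404.15 rows."""
    fields, longest = [], defaultdict(int)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names follow the directive
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split(" ")))
        # 404 with sub-status 15 = Request Filtering: query string too long
        if row.get("sc-status") == "404" and row.get("sc-substatus") == "15":
            query = row.get("cs-uri-query", "-")
            length = 0 if query == "-" else len(query.encode("utf-8"))
            stem = row.get("cs-uri-stem", "?")
            longest[stem] = max(longest[stem], length)
    return dict(longest)


def suggested_limit(observed_bytes, headroom=1.25, step=1024):
    """Smallest multiple of `step` that covers the observed length plus headroom."""
    need = int(observed_bytes * headroom)
    return -(-need // step) * step  # ceiling division


if __name__ == "__main__":
    for stem, length in rejected_query_lengths(SAMPLE_LOG).items():
        print(f"{stem}: longest rejected query {length} bytes, "
              f"suggested maxQueryString {suggested_limit(length)}")
```

Rejections on paths other than the login page (here the constructed /app/search entry) are worth reviewing separately before the limit is raised for the whole site.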


 

Additional Information

Background reading:
https://blogs.iis.net/ma_khan/troubleshooting-iis-6-status-and-substatus-codes
https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/ 
https://stackoverflow.com/questions/11636386/how-to-configure-the-web-config-to-allow-requests-of-any-length