ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Why are some users intermittently seeing a 404 error

book

Article ID: 102168

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

Behavior:
When we hit the SP initiated url, we are landing to 404 page of login.fcc.
Everything seems to work fine when we are clicking IDP initiated url's. 

Environment

SiteMinder Policy Server Version: CA Policy Server R12.52 SP1 CR05 
Policy Server O/S: Win2008 R2 
Web Server: IIS 7.5 Web Server O/S: Win2008 R2 
SiteMinder Web Agent Version: smwa-12.52-sp01-cr08-win32 
Siteminder Option-Pack Version: 12.52.105.2112 
configuration :Partnership SAML2.0 

Resolution

CA Support Requested Failed Request Trace on IIS

There was No 404 if a shorter URL was submitted: 

The Failed Request Trace showed a 404 httpsubstatus 15 meaning "The Request Filtering module rejected a request with a too long query string" 

https://blogs.iis.net/ma_khan/troubleshooting-iis-6-status-and-substatus-codes 

Looking at: 

https://docs.microsoft.com/en-us/iis/configuration/system.webserver/security/requestfiltering/requestlimits/ 
The limit can be changed with the param maxQueryString, which has a default value of 2048. 

I saved the problematic URL into a text file and then looked at the file size = 2,248 bytes 

To increase maxQueryString: 
<system.webServer> 
<security> 
<requestFiltering> 
<requestLimits maxQueryString="<VALUE>"/> 
</requestFiltering> 
</security> 
</system.webServer>