When a user logs into the SMP they receive the error: HTTP 400 - Bad Request (Request header too long)
HTTP 400 - Bad Request (Request header too long)
This is an error generated from IIS. This is usually caused by the user being in hundreds of AD groups and therefore increasing their Kerberos token size to a size that is over the limits created in IIS
In an nut shell here is the issue. During authentication a Kerberos token is passed to the server needing authentication. The more groups a user is a member of the larger that user’s token is going to be. While 2012 does allow for a very large token (48KB), IIS still limits it’s overall request size to 16KB which include both the URL and the Kerberos token.
Once the request size and field lengths are set to allow more data in the request, the issue will be resolved.
Follow this document and adjust the IIS settings until you are happy with the response.
One customer found some workarounds, rather than contacting Microsoft to find out the cause of the Kerberos related authentication issue: