After upgrading VIP AuthHub to 2.1.2, the Authentication to AuthHub (Siteminder Chain Authentication scheme, SiteMinder performs the primary authentication and Authentication Hub performs the secondary authentication) failed with HTTP 500 error due to HeadersTooLargeException.

Azserver pod log shows HeadersTooLargeException 

"throwable":"org.apache.coyote.http11.HeadersTooLargeException: An attempt was made to write more data to the response headers than there was room available in the buffer. Increase maxHttpHeaderSize on the connector or write less data into the response headers.\n\tat org.apache.coyote.http11.Http11OutputBuffer.checkLengthBeforeWrite(Http11OutputBuffer.java:473)\n\tat org.apache.coyote.http11.Http11OutputBuffer.write(Http11OutputBuffer.java:426)\n\tat org.apache.coyote.http11.Http11OutputBuffer.write(Http11OutputBuffer.java:412)\n\tat org.apache.coyote.http11.Http11OutputBuffer.sendHeader(Http11OutputBuffer.java:372)\n\tat org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1066)\n\tat org.apache.coyote.AbstractProcessor.action(AbstractProcessor.java:381)\n\tat org.apache.coyote.Response.action(Response.java:212)\n\tat org.apache.coyote.Response.sendHeaders(Response.java:450)\n\tat org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:288)\n\tat org.apache.catalina.connector.OutputBuffer.close(OutputBuffer.java:248)\n\tat org.apache.catalina.connector.Response.finishResponse(Response.java:420)\n\tat org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:388)\n\tat org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:400)\n\tat org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)\n\tat org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:859)\n\tat org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1734)\n\tat org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191)\n\tat org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659)\n\tat org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n\tat java.base/java.lang.Thread.run(Thread.java:833)\n"

Release : VIP Authentication Hub 2.1.2, SiteMinder 12.80.0700.2947

The new query parameter ‘failureCallbackURLBase64’ which is added, causes the increase in the response header size.

This issue has been addressed on VIP AuthHub 2.1.4 onward.

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/vip-authentication-hub/2-1/Release-Notes/release-notes---2-1-4.html

Please upgrade to 2.1.4 to address this issue.