When integrating SSPR with IDM /OSP and subsequently OSP with NAM via SAML, the amount of cookies becomes larger and can exceed the maximum header size. The fix for this is to adjust a parameter within tomcat's server.xml file. When using the SSPR appliance, this default value cannot be changed. When impacted, users are unable to use SSPR until they clear all cookies for the domain SSPR is a member.

Note: this most commonly occurs when the cookie domain is shared between osp, nam and sspr. This occurs either when access gateways are used to use path based multihoming for applications or when a wildcard cert for the sub-domains as that will have all of these applications share the cookie domain.

by: Robert I. | over a year ago | Other