Hi @Ciaran Mallory ,
Thanks for your post! I understand that you have a SAML application that is using Okta for SSO and some of your users are receiving the following error:
AADSTS90015: Requested query string is too long
This error commonly occurs when the SAML request query string is too large. The limit for request param string is 4096 bytes. For ASCII characters, each character is 1 byte. If you capture a Fiddler trace during the authentication process, you can check the SAML Request query string size. As you mentioned, you need to make sure that the signature is removed from the SAML request and that the request does not exceed 4096 characters so that it fits within the browser URL's max parameters.
Feel free to share the Fiddler logs with the new request with me (email in private comment) and I will gladly help troubleshoot.
If the information helped you, please Accept the answer. This will help us and other community members as well.
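The size check described in the answer above can be scripted against a request URL copied from a trace. This is an added example, not part of the original answer: the helper names, the idp.example host and the sample AuthnRequest are constructed, and it assumes the request uses the SAML HTTP-Redirect binding (raw DEFLATE, then base64, then URL encoding).

```python
import base64
import zlib
from urllib.parse import urlsplit, parse_qsl, urlencode

LIMIT_BYTES = 4096  # query string limit stated in the answer above

def build_redirect_url(xml, relay_state="", signature=b""):
    """Constructed sample: encode an AuthnRequest per the HTTP-Redirect binding."""
    deflater = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    deflated = deflater.compress(xml) + deflater.flush()
    params = [("SAMLRequest", base64.b64encode(deflated).decode())]
    if relay_state:
        params.append(("RelayState", relay_state))
    if signature:
        params.append(("SigAlg", "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"))
        params.append(("Signature", base64.b64encode(signature).decode()))
    # idp.example is a placeholder host, not a real endpoint
    return "https://idp.example/saml2?" + urlencode(params)

def analyze_redirect_url(url):
    """Report query string size, per-parameter size and signature presence."""
    query = urlsplit(url).query
    sizes = {}
    for pair in query.split("&"):
        name = pair.partition("=")[0]
        sizes[name] = len(pair.encode("utf-8"))  # bytes as sent, still URL-encoded
    decoded = dict(parse_qsl(query))
    xml = zlib.decompress(base64.b64decode(decoded["SAMLRequest"]), -15)
    total = len(query.encode("utf-8"))
    return {
        "query_bytes": total,
        "over_limit": total > LIMIT_BYTES,
        "param_bytes": sizes,                       # which parameter is eating the budget
        "signed_in_query": "Signature" in sizes,    # redirect-binding signature parameter
        "signed_in_xml": b"SignatureValue" in xml,  # XML signature embedded in the request
        "xml_bytes": len(xml),
    }

if __name__ == "__main__":
    sample_xml = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
                  b'ID="_constructed" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')
    url = build_redirect_url(sample_xml, relay_state="x" * 3000, signature=bytes(256))
    for key, value in analyze_redirect_url(url).items():
        print(key, value)
```

To check a real request, pass the full redirect URL from the trace to analyze_redirect_url; param_bytes shows whether SAMLRequest, RelayState or the signature parameters account for most of the length.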