SOI Tech Tips: How to increase HTTP Header Size

Document created by kluong Employee on Jul 24, 2014
Version 1Show Document
  • View in full screen mode

PROBLEM:  After you enter the user and password to access the UI webpage, the browser will return  a message

                    Internet Explorer cannot display the webpage.

 

This particular problem  was cause by users in Active Directory belonging to multiple groups.

The more groups a user belongs to, the larger the EEMSESSIONID cookie will get.

With the increase EEMSESSIONID size, you will need to increase the maxHttpHeaderSize for http and https.

 

On the UI server, edit \ca\soi\samui\conf\server.xml

Change the value for maxHttpHeaderSize to 32768 for the following sections

 

    <Connector address="${tomcat.inaddr.bind}" port="${tomcat.port.http}" protocol="HTTP/1.1"

               redirectPort="${tomcat.port.ssl}"

              maxHttpHeaderSize="16384"

               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

               enableLookups="false" acceptCount="100"

               connectionTimeout="20000" disableUploadTimeout="true"

               compression="on" compressableMimeType="text/html,text/plain,text/css,text/javascript" /> 

 

 

<Connector address="${tomcat.inaddr.bind}" port="${tomcat.port.ssl}" protocol="HTTP/1.1" SSLEnabled="true"

      maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"

               enableLookups="false" disableUploadTimeout="true"

               acceptCount="100" scheme="https" secure="true"

               keystoreFile="${tomcat.keystore.file}"

               keystorePass="${tomcat.keystore.pswd}"

               ciphers="SSL_DHE_DSS_WITH_RC4_128_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_KRB5_WITH_RC4_128_MD5,TLS_KRB5_WITH_RC4_128_SHA,TLS_ECDH_ECDSA_WITH_RC4_128_SHA,TLS_ECDH_RSA_WITH_RC4_128_SHA,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,TLS_KRB5_WITH_3DES_EDE_CBC_MD5,TLS_KRB5_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"

               clientAuth="false" sslProtocol="TLS" />

 

Recycle the CA SAM User Interface Server service.

Attachments

    Outcomes