Content length of the SOAP request is too long

This topic has 3 replies, 3 voices, and was last updated 4 years, 9 months ago by dhorbyspringer.

  • Author
  • #12885


    Below is the scenario:

    SP : OpenAm
    IdP: PingFed

    1. SP Initiated SSO and sends SAML request.
    2. IdP verified and ask for authentication and shows login page.
    3. On successful login, it returns back to SP with SAML response having SAML attributes.
    4. In logs, I can see successful communication and SALM response also says
    <samlp:StatusCode Value=”urn:oasis:names:tc:SAML:2.0:status:Success” />

    But due to length of the response, I get the error : Content length of the SOAP request is too long

    Is there any way to configure the length or fix this issue ?

    Can anyone please help ?



    We had the same problem here which caused problems with a lot of institutional logins. I found that the problem was in ./saml2/jsp/spAssertionConsumer.jsp where it does the following check on the response size:

        // to avoid dos attack
        // or use SAML2Utils?
        try {                       
        } catch (ServletException se) {
            SAMLUtils.sendError(request, response, response.SC_BAD_REQUEST,
                "largeContentLength", se.getMessage());

    It gets the max value from a property ‘com.sun.identity.saml.request.maxContentLength’ which is set as 20480. I failed to find where it was set and to increase it. So in the end I just removed the code.

     Rogerio Rondini


    There is a configuration attribute “Maximum allowed content length” which is the number of bytes for Federation communications.

    You can find in OpenAM console “Configuration > global > common federation configuration > maximum allowed content length. The default is set at 20480 (bytes)”.

    Rogerio Rondini


    Ah, that’s where it is.

    Thanks Rogerio

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

©2021 ForgeRock - we provide an identity and access platform to secure every online relationship for the enterprise market, educational sector and even entire countries. Click to view our privacy policy and terms of use.

Log in with your credentials

Forgot your details?