Closed guidoffm closed 6 years ago
You need to work to minimize the size of the id_token. Also, you might want to implement the state data format to minimize the state param size like we do in IdSvr: http://docs.identityserver.io/en/release/topics/signin_external_providers.html#state-url-length-and-isecuredataformat
If there is no config option to increase the max url size we can close the issue
I don't know if there is. What web server and hosting framework are you using? :)
Commenting for the benefit of future visitors with the same problem:
Assuming you're using IIS 7 or later, you'll want to set <requestLimits>
in your web.config
(this is an IIS thing, so you'll need a web.config
even though you're using ASP.NET Core which doesn't use web.config
).
Given that the maximum browser cookie size is 4096 bytes and that the browser will be passing id_token
(often sent as a cookie) back to the server, it means we can set a reasonable upper-bound on maxQueryString
to 8192
on the basis that you'll need at least 4096
bytes for id_token
, plus another 4096
for other parameters like post_logout_redirect_uri
and state
. You'll also need to set maxUrl
to a larger value (I use 10240
just to be safe).
web.config
in your web-application root:<configuration>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxQueryString="8192" maxUrl="10240" /> <!-- maxQueryString="2048" is the default -->
</requestFiltering>
</security>
</system.webServer>
</configuration>
This works in web.config
files placed inside a website (i.e. on a per-Application-Scope basis) and does not need to be placed in applicationHost.config
, so you can include this in your source-code repo.
Alternatively, you can also use IIS Manager (even to connect to an Azure App Service): https://stackoverflow.com/questions/43186826/azure-app-service-iis-maxrequestlength-setting
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.
I have a lougout requestin the form
with a length of nearky 5000 characters. The server responds with 404. Maybe a configuration issue with ASP.NET Core