When attempting to log in to an application using SAML authentication, a 400 bad request error occurs. This error is likely due to Internet Explorer's limitation on the number of characters allowed in the SAML request URL. The SAML request size is too large for Internet Explorer to handle. Other browsers, such as Chrome, Safari, and Firefox, do not encounter this error.
- Security Assertion Markup Language (SAML)
- Internet Explorer (IE)
- Large SAML request size due to multiple redirects
- Custom browsers with an embedded IE browser
Internet Explorer has a limitation on the number of characters allowed in the SAML request URL. The maximum URL length is 2,083 characters. This limit applies to both POST request and GET request URLs.
Support for Internet Explorer ended on June 15, 2022. Internet Explorer 11 has been permanently disabled through a Microsoft Edge update on certain versions of Windows 10. If any visited site needs Internet Explorer 11, reload it with Internet Explorer mode in Microsoft Edge.
To resolve this error, either use a different browser such as Chrome, Safari, or Firefox, or reduce the size of the SAML request by removing unnecessary or unused values or attributes so that the URL falls below the 2,083-character limit.
If using the GET method, the request is limited to a maximum of 2,048 characters, minus the number of characters in the actual path. However, the POST method is not limited by the URL size for submitting name/value pairs, as these pairs are transferred in the header and not in the URL.
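To check whether a given SAML request URL stays under the 2,083-character limit and which parameter to trim, the following added example (not part of the original article) builds the URL and measures it. It assumes the request is sent with the SAML HTTP-Redirect binding (raw DEFLATE, base64, URL-encoding); the IdP and application URLs, the AuthnRequest, and the nested RelayState are constructed sample values.

```python
import base64
import urllib.parse
import zlib

IE_MAX_URL = 2083  # Internet Explorer URL limit stated in this article

def redirect_url(sso_url, authn_request_xml, relay_state=None):
    """Encode as the HTTP-Redirect binding does: raw DEFLATE, base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15: raw DEFLATE, no zlib header
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return sso_url + "?" + urllib.parse.urlencode(params)

def check_url(url, limit=IE_MAX_URL):
    """Return (length, fits_within_limit) for a candidate request URL."""
    return len(url), len(url) <= limit

def breakdown(url):
    """Encoded size of each query parameter, largest first, to show what to trim."""
    query = urllib.parse.urlsplit(url).query
    sizes = [(k, len(v)) for k, v in (p.split("=", 1) for p in query.split("&"))]
    return sorted(sizes, key=lambda kv: kv[1], reverse=True)

def nested_relay_state(target, hops, login="https://app.example.com/login?return="):
    """Constructed input: each redirect hop re-encodes the previous return URL."""
    for _ in range(hops):
        target = login + urllib.parse.quote(target, safe="")
    return target

# Constructed sample values (hypothetical IdP and SP, not from the article).
SSO_URL = "https://idp.example.com/sso/saml"
AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://app.example.com/saml/acs">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://app.example.com/saml/metadata</saml:Issuer></samlp:AuthnRequest>'
)

if __name__ == "__main__":
    for hops in (1, 20):
        relay = nested_relay_state("https://app.example.com/home", hops)
        url = redirect_url(SSO_URL, AUTHN_REQUEST, relay)
        length, fits = check_url(url)
        print(hops, "hop(s):", length, "chars,", "OK" if fits else "over limit", breakdown(url)[0])
```

When the largest entry reported by `breakdown` is `RelayState` rather than `SAMLRequest`, the growth comes from the chain of redirects and not from the request attributes themselves.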
