<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z00008BvzigCABOkta Classic EngineSingle Sign-OnAnswered2022-10-26T16:17:38.000Z2022-10-07T12:58:25.000Z2022-10-26T16:17:38.000Z

CiaranM.54941 (Customer) asked a question.

October 7, 2022 at 12:58 PM
Okta SAML Application Single Sign On Error - Requested query string is too long

Hi all,

We have a SAML application which is using Okta for SSO with organizations Microsoft Azure as the Identity provider. We have some users experiencing an error shown below when logging in with SSO. I have tried all solutions that I can think of such as checked that request binding attribute is set to HTTP POST in the IdP as well as unchecked the sign SAML request parameter to try to remove noise from the request URL but to no avail. Has anyone encountered this issue before and found a solution? All advice is appreciated.

 

/help/servlet/rtaImage?refid=0EM4z0000054yX8

  • 3 answers
  • 723 views

  • Mihai N. (Okta, Inc.)

    Hi @CiaranM.54941 (Customer)​ , Thank you for reaching out to the Okta Community!

     

     

    The settings you mentioned are the usual suspects. 

    Beyond that I was able to dig up an older reference to this issue, and I quote:  

     

    https://docs.microsoft.com/en-us/iis/configuration/system.webServer/security/requestFiltering/requestLimits/

    If you change the default settings to allow for longer max lengths the requests should then process correctly. 

    I recommend setting the following values:

    <httpRuntime maxQueryStringLength="32768" maxUrlLength="65536"/>

     

    But unfortunately, this was never confirmed as the person involved never replied.  

     

    If all else fails, my advice would be to get Microsoft Support engaged on this.  

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    The Okta Community Catalysts Program is now live. Collect online badges when you participate in the Okta Help Center Questions community. Learn more here.

    Expand Post

  • CiaranM.54941 (Customer)

    Hi Mihai,

    Thank you for the response. We are still seeing this issue. After checking the logs it seems to fail with error message "Unknown Profile Attribute". It seems the attribute that is unknown is "TargetId". I have checked that the claims match with Azure AD claims.

    • Mihai N. (Okta, Inc.)

      Hi @CiaranM.54941 (Customer)​,

       Unfortunately this forum is not an appropriate medium for in-depth troubleshooting. 

      If you've already engaged Microsoft support and still require assistance from the Okta side, please open a case and one of our Support Engineers will work with you to get things sorted.  

      Expand Post
This question is closed.
Loading
Okta SAML Application Single Sign On Error - Requested query string is too long