Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
On 20.05.2009 07:20, pappu wrote: Chuck, --- If by Tomcat 5 you really mean Tomcat 5.0, please be aware that 5.0 has not been supported for quite some time. You do need to move up. --- Yes I do mean Tomcat 5.0. The reason why we are having this version is because we have Business Objects (Analytics Tool) configured to run on tomcat and it only supports for Tomcat 5.0 and Tomcat 5.5. When we did this about 3 yrs ago i believe only 5.0 would have been supported. Could you let me know if there is an option to resolve this error without doing the upgrade? The necessary feature (bigger AJP packet sizes) has been backported to Tomcat 5.5. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Pappu, On 5/20/2009 1:20 AM, pappu wrote: Yes I do mean Tomcat 5.0. The reason why we are having this version is because we have Business Objects (Analytics Tool) configured to run on tomcat and it only supports for Tomcat 5.0 and Tomcat 5.5. When we did this about 3 yrs ago i believe only 5.0 would have been supported. Tomcat 5.5 is still supported by the community. You should be able to move up to 5.5.27 (the current 5.5.x version) and still be covered for Business Objects. Could you let me know if there is an option to resolve this error without doing the upgrade? Probably not. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoVjv8ACgkQ9CaO5/Lv0PAAcQCghOtEUZRe7InvnLscAcWxnEam Y30AoKL49Gcs49HzsRhzkhE+jd11/bTr =84M5 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
Hi, We are running our application on Tomcat 5 and have authorization done by IIS and have configured the IIS to tomcat communication using the iisapi_Redirect. We are facing this issue where we get the Request Entity too Large error when we try for certain ids. Since we are running on Tomcat 5 we can't do the mod_jk change. Could you please suggest how to resolve this issue? Thanks in Advance. AM baumar wrote: Hi, We are running an application on Tomcat 6. The authorization is down by IIS with Integrated Windows authentication selected. Whenever we try to access any page (with IE6), we get a request entity too large response. We switched IIS to Basic authentication, then it works. By analyzing the network traffic, we saw that IIS is adding a kerberos header with encrypted data and guess this data cannot be handled by the jconnector or tomcat. we made a test where we switched off tomcat and still got the same error, so unless we didn't get some cached reply, this means the error might be thrown by the jconnector, but we have no clear evidence. Did anybody encounter a similar case or know how to resolve this? Thanks Markus -- View this message in context: http://www.nabble.com/%22Request-entity-too-large%22-when-using-SSO-%28IIS-Integrated-Windows-authentication--Tomcat-%29-tp23099072p23613947.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 AM, On 5/19/2009 6:59 AM, pappu wrote: We are running our application on Tomcat 5 and have authorization done by IIS and have configured the IIS to tomcat communication using the iisapi_Redirect. We are facing this issue where we get the Request Entity too Large error when we try for certain ids. Since we are running on Tomcat 5 we can't do the mod_jk change. What mod_jk change? What does running Tomcat 5 (specifically) have to do with it? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkoSr8sACgkQ9CaO5/Lv0PBddACeLeKML7YPoRglm8pIfbsFE9t6 5LIAn0RLmCW6ajV3ki6C/lsdpglfU8PD =HudA -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
Chris, What mod_jk change? What does running Tomcat 5 (specifically) have to do with it? - The link of tomcat below gives instructions on how to increase the max_packet_size for AJP. This mentions that this is available only from Tomcat 5.5.20+ and 6.0.2+. So we having Tomcat 5 means that we cannot change this. http://tomcat.apache.org/connectors-doc/reference/workers.html I checked in the isapi logs and i see the error that the HTTP method does not allow the data transmitted, or the data volume exceeds the capacity limit I somehow need to be able to pass the URL from IIS to Tomcat. If I remove the setting for isapi_Redirect and directly use response.redirect(tomcat url) in the asp page it works fine but I need the requests to be serviced only via iis. -AM -- View this message in context: http://www.nabble.com/%22Request-entity-too-large%22-when-using-SSO-%28IIS-Integrated-Windows-authentication--Tomcat-%29-tp23099072p23628364.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
From: pappu [mailto:anaga_mahade...@infosys.com] Subject: Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat ) So we having Tomcat 5 means that we cannot change this. If by Tomcat 5 you really mean Tomcat 5.0, please be aware that 5.0 has not been supported for quite some time. You do need to move up. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
Chuck, --- If by Tomcat 5 you really mean Tomcat 5.0, please be aware that 5.0 has not been supported for quite some time. You do need to move up. --- Yes I do mean Tomcat 5.0. The reason why we are having this version is because we have Business Objects (Analytics Tool) configured to run on tomcat and it only supports for Tomcat 5.0 and Tomcat 5.5. When we did this about 3 yrs ago i believe only 5.0 would have been supported. Could you let me know if there is an option to resolve this error without doing the upgrade? -AM -- View this message in context: http://www.nabble.com/%22Request-entity-too-large%22-when-using-SSO-%28IIS-Integrated-Windows-authentication--Tomcat-%29-tp23099072p23629152.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
Hi, We are running an application on Tomcat 6. The authorization is down by IIS with Integrated Windows authentication selected. Whenever we try to access any page (with IE6), we get a request entity too large response. We switched IIS to Basic authentication, then it works. By analyzing the network traffic, we saw that IIS is adding a kerberos header with encrypted data and guess this data cannot be handled by the jconnector or tomcat. we made a test where we switched off tomcat and still got the same error, so unless we didn't get some cached reply, this means the error might be thrown by the jconnector, but we have no clear evidence. Did anybody encounter a similar case or know how to resolve this? Thanks Markus -- View this message in context: http://www.nabble.com/%22Request-entity-too-large%22-when-using-SSO-%28IIS-Integrated-Windows-authentication--Tomcat-%29-tp23099072p23099072.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
Markus, Is the header name called Authentication ? If so, we had this exact same issue a few years ago. The length of this HTTP header was too long for mod_jk to process and the request was getting dropped. I think you might be able to configure the packet size of mod_jk now to get around this problem. Our solution a few years ago was I built an ISAPI filter that removed the Authentication header before it was sent to Tomcat (since this wasn't needed). Scott On Fri, Apr 17, 2009 at 10:46 AM, baumar mbj...@active.ch wrote: Hi, We are running an application on Tomcat 6. The authorization is down by IIS with Integrated Windows authentication selected. Whenever we try to access any page (with IE6), we get a request entity too large response. We switched IIS to Basic authentication, then it works. By analyzing the network traffic, we saw that IIS is adding a kerberos header with encrypted data and guess this data cannot be handled by the jconnector or tomcat. we made a test where we switched off tomcat and still got the same error, so unless we didn't get some cached reply, this means the error might be thrown by the jconnector, but we have no clear evidence. Did anybody encounter a similar case or know how to resolve this? Thanks Markus -- View this message in context: http://www.nabble.com/%22Request-entity-too-large%22-when-using-SSO-%28IIS-Integrated-Windows-authentication--Tomcat-%29-tp23099072p23099072.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request entity too large when using SSO (IIS Integrated Windows authentication -Tomcat )
On 17.04.2009 16:55, Scott Bradshaw wrote: Markus, Is the header name called Authentication ? If so, we had this exact same issue a few years ago. The length of this HTTP header was too long for mod_jk to process and the request was getting dropped. I think you might be able to configure the packet size of mod_jk now to get around this problem. Our solution a few years ago was I built an ISAPI filter that removed the Authentication header before it was sent to Tomcat (since this wasn't needed). What is jconnector? Are you using the isapi redirector to connect IIS and Tomcat (the IIS relative of mod_jk)? If so, the whole request including headers is not allowed to exceed 8KB (excluding any request bodies e.g. when using the POST method). If you need to send bigger requests, you will need to use a non-standard configuration to exceed the AJP packet size limitations of the AJP13 protocol. Look for max_packet_size on the page http://tomcat.apache.org/connectors-doc/reference/workers.html Regards, Rainer On Fri, Apr 17, 2009 at 10:46 AM, baumar mbj...@active.ch wrote: Hi, We are running an application on Tomcat 6. The authorization is down by IIS with Integrated Windows authentication selected. Whenever we try to access any page (with IE6), we get a request entity too large response. We switched IIS to Basic authentication, then it works. By analyzing the network traffic, we saw that IIS is adding a kerberos header with encrypted data and guess this data cannot be handled by the jconnector or tomcat. we made a test where we switched off tomcat and still got the same error, so unless we didn't get some cached reply, this means the error might be thrown by the jconnector, but we have no clear evidence. Did anybody encounter a similar case or know how to resolve this? Thanks Markus - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org