SAML - Could not login in: Empty metadata

Hi @gustavo.yoshizaki, good news: I found the group list is being written in the JWT twice; that’s why the header gets so big. You can check the JWT claims in your environment, and you will see the groups list repeated in two places.

I have prepared a fix with the optimized JWT structure, plus an accurate logging mechanism that shows

  • the size of the JWT (in debug mode)
  • a warning when 90% of the ES default header size is reached
  • an error when 100% of the ES default header size gets crossed (we still try to send the request, in case ES has a higher header size configured)

A rich explanation of how to debug and resolve the problem gets printed in the last two cases.

So with the fix you have 2x the headroom for your groups! Soon I will send you a message with the pre-release Enterprise trial build.

Great news!

I confirm that I see the groups duplicated in the logs.

On the other hand, I remembered that I have a dedicated ES node for queries. So the ES change (which requires a restart) can be done with very little downtime.

Exactly! This is an HTTP setting, so it concerns only the entry point of the query. Well noted 🙂
So you will get the slimmed down JWT fix, plus you can enable larger headers.
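
To check a token for the two conditions discussed in this thread (the same groups list carried at two points in the claims, and a header size near the limit), here is an added diagnostic sketch; it is not part of the original posts and is not the plugin's own code. The 8 KiB limit, the `Authorization: Bearer` header form, the claim names and all sample values are assumptions constructed for illustration.

```python
import base64
import json

ASSUMED_LIMIT = 8 * 1024  # assumption: set to your node's http.max_header_size, in bytes

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Build a constructed sample token (fake signature) for offline checks."""
    return ".".join([_b64(b'{"alg":"HS256"}'), _b64(json.dumps(claims).encode()), "constructed-sig"])

def decode_claims(jwt: str) -> dict:
    """Decode the payload only; no signature verification, diagnostics only."""
    payload = jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def list_paths(node, path=""):
    """Yield (path, list) for every list found anywhere in the claims."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from list_paths(value, f"{path}/{key}")
    elif isinstance(node, list):
        yield path, node
        for index, value in enumerate(node):
            yield from list_paths(value, f"{path}/{index}")

def duplicated_lists(claims: dict) -> list:
    """Return groups of claim paths that carry an identical non-empty list."""
    seen = {}
    for path, items in list_paths(claims):
        if items:
            seen.setdefault(json.dumps(items, sort_keys=True), []).append(path)
    return [paths for paths in seen.values() if len(paths) > 1]

def header_status(jwt: str, limit: int = ASSUMED_LIMIT, prefix: str = "Authorization: Bearer "):
    """Size of the single header line carrying the token, and its level:
    'warning' once 90% of the limit is reached, 'error' once 100% is crossed."""
    size = len((prefix + jwt).encode())
    if size > limit:
        return size, "error"
    if size * 10 >= limit * 9:
        return size, "warning"
    return size, "ok"

if __name__ == "__main__":
    groups = [f"group-{i:03d}" for i in range(400)]  # constructed sample groups
    token = make_sample_jwt({"sub": "constructed-user", "groups": groups, "origin": {"groups": groups}})
    print(duplicated_lists(decode_claims(token)), header_status(token))
```

The check measures only the one header line that carries the token; other request headers count toward the same limit, so real headroom is smaller.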