HTTP connection problems with Kerberos authentication using Cisco ACE

helsayed78
Level 1

sesoerensen
Level 1

Hesham,

Easy fix

Create an HTTP parameter map, and assign it to the class in the service-policy.

parameter-map type http HTTP
  case-insensitive
  persistence-rebalance
  set header-maxparse-length 65535
  set content-maxparse-length 65535
  length-exceed continue

policy-map multi SLB
  class VIP
    poli ..
    load ..
    blah blah
    appl-parameter http advanced-options HTTP

Basically, this is what happens:

The Kerberos ticket is too big to fit in the HTTP header. That is, it's too big for ACE, which caps the header size at 4K by default.

Try before you buy test:


Create a user within Active Directory, and only assign it to the bare minimum of security groups.

Then try accessing the website, before applying the configuration.

Cheers mate,

Søren Elleby Sørensen
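
One way to check a captured request against the limits named in the reply above (an added example, not part of the original post and not Cisco tooling). The 4096 figure is the "4K" from the reply, the sample requests are constructed with dummy all-zero tokens, and counting the request line toward the cap is an assumption.

```python
import base64

ACE_DEFAULT_CAP = 4096   # "4K by default", as stated in the reply
ACE_RAISED_CAP = 65535   # header-maxparse-length from the parameter map


def header_block(raw: bytes) -> bytes:
    """Return request line + headers, including the terminating blank line."""
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        raise ValueError("no end of headers found (truncated capture?)")
    return raw[: end + 4]


def negotiate_token_len(headers: bytes) -> int:
    """Decoded size of the token in 'Authorization: Negotiate', or 0 if absent."""
    for line in headers.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() != b"authorization":
            continue
        scheme, _, token = value.strip().partition(b" ")
        if scheme.lower() == b"negotiate":
            return len(base64.b64decode(token.strip(), validate=True))
    return 0


def assess(raw: bytes) -> dict:
    """Compare the header block of one request with both parse-length caps."""
    headers = header_block(raw)
    return {
        "header_bytes": len(headers),
        "token_bytes": negotiate_token_len(headers),
        "fits_default": len(headers) <= ACE_DEFAULT_CAP,
        "fits_raised": len(headers) <= ACE_RAISED_CAP,
    }


def sample_request(token_bytes: int) -> bytes:
    """Constructed request carrying a dummy token of the given decoded size."""
    token = base64.b64encode(b"\x00" * token_bytes)
    return (b"GET /app HTTP/1.1\r\nHost: intranet.example\r\n"
            b"Authorization: Negotiate " + token + b"\r\n\r\n")


if __name__ == "__main__":
    for size in (1500, 6000):  # constructed sizes: few groups vs. many groups
        print(size, assess(sample_request(size)))
```

Feed `assess()` the raw bytes of a request captured on the client side of the VIP; a request that fails `fits_default` but passes `fits_raised` matches the symptom described in the reply.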
