Login Error in Sitecore CMS via Identity Server with Azure AD Integration

 


Error Message
=========================================================================

You may encounter one of the following two error messages in the browser. Although the messages differ, the root cause is the same.



1. Request Header Too Long error being displayed in the browser.
2.Site Can’t Be Reached


===============================================================================

This error occurs when attempting to log in to Sitecore CMS using the Sitecore Identity Server that is integrated with Azure Active Directory (Azure AD).

===============================================================================

Cause of the error:

The root cause of this issue arises when logging into Sitecore CMS using Azure AD integration via the Sitecore Identity Server.

When you enter your Azure credentials, authentication is successfully completed by Azure AD, and an ID token is returned to Sitecore. This ID token contains claims, including the list of Azure AD groups that the user is associated with.

For most users, the login process works without issues. However, for some users—specifically those who are members of a large number of Azure AD groups—the ID token becomes excessively large due to the inclusion of all group memberships.

As a result, the request header becomes too large, leading to login failures.



Solution:

1. Update the web.config in Sitecore Identity Server

  • Navigate to the Sitecore Identity Server root directory.

  • Open the web.config file.

  • Locate the <system.web> section and add or update the following setting:

<system.web>
  <httpRuntime maxRequestLength="2097152" />
</system.web>

  • After saving the file, restart the Identity Server application pool and site in IIS.

2. Modify Windows Registry Settings

  • Open the Run window (Win + R), type regedit, and press Enter to open the Registry Editor.

  • Navigate to the following path:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

  • Select the Parameters folder.

  • Right-click in the right panel and create the following two DWORD (32-bit) Values:

    • MaxFieldLength → set the value to 32768 (Decimal)

    • MaxRequestBytes → set the value to 32768 (Decimal)

💡 These values increase the allowed size for HTTP request headers, which prevents the token size issue for users with many Azure AD group memberships.

3. Restart the Identity Server

  • After completing the above steps, restart the Identity Server to apply the new registry settings.

  • If you skip this step, the new registry keys will not take effect.

⚠️ Important Note

You may find some documentation or solutions suggesting only updating the web.config file, but that alone will not resolve the issue. All three steps above must be completed for the fix to be effective.


Comments

Post a Comment

Popular posts from this blog

Solrcloud With Zookeeper -Single server setup

Image
Getting Started with SolrCloud: A Beginner’s Guide for First-Time Users If you’ve been diving into search technology and stumbled across SolrCloud , you might think it’s just Apache Solr hosted in the cloud. That’s a common misconception—but SolrCloud is much more powerful than that. In this beginner-friendly guide, we’ll walk you through what SolrCloud actually is, why you might need it, and how to get it up and running on your local machine for development or testing.  What is SolrCloud (and Why Should You Care)? SolrCloud is the distributed, fault-tolerant, and scalable evolution of Apache Solr’s traditional architecture. While the original Solr relied on a master-slave model , SolrCloud is built for modern, large-scale applications that require high availability and real-time indexing.  Key Benefits of SolrCloud: High Availability : Replication ensures your data is always accessible—even if some nodes go down. Scalability : Easily add new nodes as your indexin...
Read more

Render Sitecore Experience Forms Using Sitecore XP 10.4 with a Headless Approach (Next.js + JSS SDK)

Image
  In this blog post, we’ll walk through rendering Sitecore Experience Forms using Sitecore XP 10.4 (Update 1) with a headless (Sitecore-first) approach , leveraging Next.js and Sitecore JSS SDK . This guide assumes you're using connected mode , where your frontend directly interacts with your Sitecore backend. Goal: Enable a fully functional Sitecore Experience Form to render and work within a headless Next.js application. đŸ§± Prerequisites Before getting started, ensure you have the following: Backend: ✅ Sitecore XP 10.4 Update-1 installed ✅ Sitecore Headless Rendering 22.0.0 package installed Frontend: ✅ Node.js and npm installed ✅ Visual Studio Code (or any preferred IDE) 🧭 Step 1: Set Up Sitecore for Headless Forms Since this is a Sitecore-first approach , we begin by configuring everything in Sitecore before moving to Next.js. 🔑 1. Create an API Key Go to Sitecore Content Editor Create a new API Key item (e.g., under /sitecore/system/Mo...
Read more

Next.js with XM Cloud EDGE and GraphQL

Image
  Building a Component with Next.js and GraphQL from Sitecore XM Cloud Edge — No JSS Required Goal: In this blog post, we’ll walk through how to create a simple component in Next.js that fetches data from Sitecore XM Cloud Experience Edge using GraphQL — without using any JSS libraries. đŸ§© What You’ll Need from Your Sitecore XM Cloud Instance Before we start coding, we’ll need a few pieces of information from your Sitecore project: 1. Edge Token and GraphQL Endpoint Log in to your Sitecore XM Cloud project. Select your environment. Go to the "Details" tab. At the bottom, you’ll see Live GraphQL IDE (Experience Edge) . Click "Generate Delivery API Token" — this gives you the Edge API token and the GraphQL endpoint URL. We’ll use this token later in our .env.local file. 🛠️ Project Setup: Next.js + GraphQL 1. Create a Next.js App      Run the following command to bootstrap your app: npx create-next-app@latest xmcloud 2. Install Gr...
Read more