Issue with large HTTP headers for ECP authentication
cantor.2 at osu.edu
Mon Dec 10 15:08:00 EST 2018
The other "fix", really a workaround, is to turn off sessions for ECP. There's no supported way, but grepping for idp.session.enabled in the system files will locate the places the property is used to populate the activationConditions for the actions that would avoid doing anything with the cookie. You'd have to override those with scriptlets, expressions, or Java code to check for ECP (a Spring expression like "#input.isBrowserProfile()")
I'm not suggesting that but it may well work. Most of the direct property -> true/false settings are gradually being replaced with full support for plugging in conditions so just file an RFE and I'm sure we can get it included down the road.
More information about the users