I’m not sure if this started with an update recently or not, but I just began encountering a 400 Bad Request error upon redirecting to our AD LDAP connector during automated Windows sign-ins.
I finally tracked it down to being an issue when the browser automatically signs in using Kerberos instead of NTLM. The Kerberos token that was being generated for my user was too large and was causing the headers to exceed the 8kb limit that Node has by default.
The workaround I’m currently using is to set the --max-http-header-size flag to 80000 on startup by running this command:
.\nssm.exe set "Auth0 ADLDAP" AppParameters '--max-http-header-size 80000 ""C:\Program Files (x86)\Auth0\AD LDAP Connector\\server.js""'
Unfortunately I think I’m going to have to run that every time we update the AD LDAP Connector, so hopefully Auth0 can build in a fix for this natively.
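The following is an added example, not part of the original post and not Auth0's code: it reproduces the rejection on a local Node server and shows the same request passing once the header limit is raised to the 80000 used above. The `probe` helper and the 18000-byte stand-in token are constructed for illustration, and the 8192 limit is set explicitly to mirror the 8kb default named in the post.

```javascript
// Added example: a Negotiate header larger than the server's header limit
// is rejected before any request handler runs.
// probe() is a hypothetical helper; the token is constructed filler, not a real ticket.
async function probe(maxHeaderSize, rawTokenBytes) {
  // Dynamic import works from both CommonJS and ES module files.
  const http = await import('node:http');
  const server = http.createServer({ maxHeaderSize }, (req, res) => {
    res.end('ok'); // only reached when the header block fits under the limit
  });
  await new Promise((resolve) => server.listen(0, '127.0.0.1', resolve));

  // Stand-in for a large SPNEGO/Kerberos token; base64 inflates it by about a third.
  const token = Buffer.alloc(rawTokenBytes, 0x41).toString('base64');
  try {
    return await new Promise((resolve) => {
      const req = http.request({
        host: '127.0.0.1',
        port: server.address().port,
        agent: false, // one-off connection so the server can shut down cleanly
        headers: { Authorization: 'Negotiate ' + token },
      }, (res) => {
        res.resume();
        resolve({ accepted: res.statusCode === 200, status: res.statusCode });
      });
      // The server may drop the socket instead of answering; count that as rejected.
      req.on('error', (err) => resolve({ accepted: false, status: err.code }));
      req.end();
    });
  } finally {
    server.close();
  }
}

// 18000 raw bytes become a 24000-character header value.
probe(8192, 18000).then((r) => console.log('limit 8192 :', r));
probe(80000, 18000).then((r) => console.log('limit 80000:', r));
```

The `status` field of the rejected case shows what the client actually saw, either an HTTP error status or a socket error code, depending on the Node version.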