React Blog example - Request header for IdP initiated login is too large!

I’ve got things running with the amplify example React project from the blog post (Implementing Multi-Factor Authentication in React Using Auth0 and AWS Amplify | AWS Partner Network (APN) Blog).

It has been working great and I’ve tied in our IdP (Jumpcloud) as well.
It works fine when the app initiates the authentication request (app → auth0 → Jumpcloud).

However, when I try to do an IdP initiated request, I get an error that “Your request header section exceeds the maximum allowed size.” I think the error is coming from AWS, since Auth0 shows successful authentication.

The header payload that is getting to the web app is over 10k and I think AWS wants a max header size of 8192.

When I put the payload into, it looks like a valid SAML header, but it’s just enormous.
It’s full of repeated xml strings, like

            <saml:Attribute Name="" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml:AttributeValue xsi:type="xs:string"/>

and I think maybe they are making the payload too large.

I’ve tried using mappings in my SAML connector to slim down the request, but I can’t seem to make it work.

I’m looking for help on why the request header for IdP initiated login is so large that my request fails - but when I do app-initiated login it works just fine (using the same IdP).

Hey there!

I would really like to help but the resource you’re referencing is from AWS not use so probably I won’t have enough knowledge on that front. Have you tried asking in their forums?

Thanks Konrad!
I used that link because it’s publicly accessible, but it’s actually from Auth0 - published at Auth0 | Implementing MFA in React Using Auth0 and AWS Amplify

But, you have to register to download it from Auth0, so I used the public AWS link instead.

I’m not sure that helps you identify the issue at all, but it’s not just an AWS sample :slight_smile:

Do any folks have an idea why the Auth0 blog example fails with IdP-initated SSO?