React Blog example - Request header for IdP initiated login is too large!

I’ve got things running with the amplify example React project from the blog post (Implementing Multi-Factor Authentication in React Using Auth0 and AWS Amplify | AWS Partner Network (APN) Blog).

It has been working great and I’ve tied in our IdP (Jumpcloud) as well.
It works fine when the app initiates the authentication request (app → auth0 → Jumpcloud).

However, when I try to do an IdP initiated request, I get an error that “Your request header section exceeds the maximum allowed size.” I think the error is coming from AWS, since Auth0 shows successful authentication.

The header payload that is getting to the web app is over 10k and I think AWS wants a max header size of 8192.

When I put the payload into samltool.io, it looks like a valid SAML header, but it’s just enormous.
It’s full of repeated xml strings, like

            <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
                <saml:AttributeValue xsi:type="xs:string"/>
            </saml:Attribute>

and I think maybe they are making the payload too large.

I’ve tried using mappings in my SAML connector to slim down the request, but I can’t seem to make it work.

I’m looking for help on why the request header for IdP initiated login is so large that my request fails - but when I do app-initiated login it works just fine (using the same IdP).
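
One way to see where the bytes in a bloated SAML response come from, as an added example that is not part of this thread and not code from Auth0, AWS or JumpCloud: it takes the decoded XML (what samltool.io shows), lists every `<saml:Attribute>`, flags the ones whose `<saml:AttributeValue>` elements are empty, and compares the base64 size of the response with and without them against an assumed 8192-byte limit. The sample response, the claim names and the limit value are constructed for the example; the pruned copy is only for sizing, since removing elements from a signed assertion invalidates its signature, and the real fix belongs in the IdP's attribute mapping.

```python
"""Size diagnosis for a SAML response stuffed with empty attributes (added example)."""
import base64
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"
XS_NS = "http://www.w3.org/2001/XMLSchema"
NS = {"saml": SAML_NS}

# Keep the familiar prefixes when re-serializing (xs/xsi are preset in ElementTree).
ET.register_namespace("saml", SAML_NS)
ET.register_namespace("samlp", SAMLP_NS)

HEADER_LIMIT = 8192  # assumption: the header limit the post refers to

CLAIM_PREFIX = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
URI_FORMAT = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"


def build_sample_response(n_empty):
    """Constructed input: one populated attribute plus n_empty empty ones."""
    empties = "".join(
        f'<saml:Attribute Name="{CLAIM_PREFIX}claim{i}" NameFormat="{URI_FORMAT}">'
        '<saml:AttributeValue xsi:type="xs:string"/></saml:Attribute>'
        for i in range(n_empty)
    )
    return (
        f'<samlp:Response xmlns:samlp="{SAMLP_NS}" xmlns:saml="{SAML_NS}" '
        f'xmlns:xsi="{XSI_NS}" xmlns:xs="{XS_NS}" ID="_constructed" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:AttributeStatement>'
        f'<saml:Attribute Name="{CLAIM_PREFIX}emailaddress" NameFormat="{URI_FORMAT}">'
        '<saml:AttributeValue xsi:type="xs:string">user@example.test</saml:AttributeValue>'
        "</saml:Attribute>"
        f"{empties}"
        "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )


def base64_size(xml_text):
    """Bytes the response occupies once base64-encoded (the SAMLResponse form)."""
    return len(base64.b64encode(xml_text.encode("utf-8")))


def _is_empty(attr):
    """True when every AttributeValue under this Attribute carries no content."""
    values = attr.findall("saml:AttributeValue", NS)
    return all((v.text or "").strip() == "" and len(v) == 0 for v in values)


def attribute_report(xml_text):
    """List each <saml:Attribute> in document order with an 'empty' flag."""
    root = ET.fromstring(xml_text)
    return [
        {"name": a.get("Name"), "empty": _is_empty(a)}
        for a in root.iter(f"{{{SAML_NS}}}Attribute")
    ]


def drop_empty_attributes(xml_text):
    """Re-serialize without empty attributes; for sizing only (breaks any signature)."""
    root = ET.fromstring(xml_text)
    for stmt in root.iter(f"{{{SAML_NS}}}AttributeStatement"):
        for attr in list(stmt.findall("saml:Attribute", NS)):
            if _is_empty(attr):
                stmt.remove(attr)
    return ET.tostring(root, encoding="unicode")


def diagnose(xml_text, limit=HEADER_LIMIT):
    """Summarize attribute counts and base64 sizes against the assumed header limit."""
    report = attribute_report(xml_text)
    original = base64_size(xml_text)
    trimmed = base64_size(drop_empty_attributes(xml_text))
    return {
        "attributes": len(report),
        "empty": sum(1 for r in report if r["empty"]),
        "base64_bytes": original,
        "base64_bytes_without_empties": trimmed,
        "exceeds_limit": original > limit,
    }


if __name__ == "__main__":
    # Sixty empty claims, the shape the post describes, pushes the base64 form
    # well past the assumed 8192-byte limit; without them it fits comfortably.
    for n in (0, 60):
        print(n, diagnose(build_sample_response(n)))
```

To run it against a real response, paste the decoded XML from samltool.io into a file and call `diagnose(open("response.xml").read())`; the gap between the two byte counts is what the IdP's attribute mapping would have to give back for the IdP-initiated flow to fit.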

Hey there!

I would really like to help, but the resource you’re referencing is from AWS, not us, so probably I won’t have enough knowledge on that front. Have you tried asking in their forums?

Thanks Konrad!
I used that link because it’s publicly accessible, but it’s actually from Auth0 - published at Auth0 | Implementing MFA in React Using Auth0 and AWS Amplify

But, you have to register to download it from Auth0, so I used the public AWS link instead.

I’m not sure that helps you identify the issue at all, but it’s not just an AWS sample :slight_smile:

Do any folks have an idea why the Auth0 blog example fails with IdP-initiated SSO?