asked 17.08.2018

edited 06.09.2018

If your Active Directory contains large user groups and dependencies among them then it may occur that single sign on for some users that are members in a lot of user groups does not work. This is because the packet size of the AJP13 protocol that is used for the communication between IIS and Axon.ivy Engine is to small to hold all the necessary security information.


The problem can be solved by increasing the packet size (default value 8192) of the AJP13 protocol. The packet size must be configured with the same value on the IIS and Axon.ivy Engine side. If one side is not configured to the same size as the other, then the communication may fail.

On the IIS side the packet size can be configured in the file by setting the worker attribute max_packet_size.


Axon.ivy Engine 7.2 and newer:

adjust the packet size in the file configuration/ivy.yaml

    Enabled: true
    PacketSize: 16384

Axon.ivy Engine 7.1 and older:

the packet size can be set by changing the value of the system property WebServer.AJP.PacketSize in the AdminUI.


edited 16.11.2020

