- We are facing an issue with our WHFB enrollment process.
- The ADFS server Windows Intergrated login process is throwing error: HTTP 400 - Bad Request (Request header too long).
- The issue is limited to one user at this point of time
- ADFS IDPinitiatedSignon page working on IE but not on Edge/Google Chrome with the above error when attempting kerberos authentication
- The user is part of 56 groups.
- SAM account name is of 20 characters (Migrated from a separate forest)
Then IE is probably falling back to NTLM, which is bad in itself.
The solution for IIS can be found on: https://support.microsoft.com/en-us/help/2020943/http-400-bad-request-request-header-too-long-response-to-http-request