Buffer overflow error when calling request.authenticate() on Tomcat

Question

When calling request.authenticate() from Tomcat with KeyCloak authentication active, I get the following error:

java.io.IOException: Buffer overflow and no sink is set, limit [4,096] and buffer length [4,096]
at org.keycloak.adapters.saml.CatalinaSamlSessionStore.saveRequest(CatalinaSamlSessionStore.java:231)
at org.keycloak.adapters.saml.AbstractInitiateLogin.challenge(AbstractInitiateLogin.java:59)
... 20 more
Caused by: java.io.IOException: Buffer overflow and no sink is set, limit [4,096] and buffer length [4,096]
at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:515)
at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:315)
at org.apache.catalina.authenticator.FormAuthenticator.saveRequest(FormAuthenticator.java:677)
at org.keycloak.adapters.saml.AbstractSamlAuthenticatorValve.keycloakSaveRequest(AbstractSamlAuthenticatorValve.java:263)
at org.keycloak.adapters.saml.CatalinaSamlSessionStore.saveRequest(CatalinaSamlSessionStore.java:229)
... 21 more

Where in Tomcat can I find the configuration of this buffer so that I could increase the size of it?

The error appears on Tomcat versions from 7.0 to 9.0. The only mentioning I found is this, and it says:

Probably a tomcat setting somewhere.

Sounds really wise.

Answer 1

Seeing as there's no other information on the internet,adding a maxSavePostSize resolved this issue for me. For example, setting to 2MB to allow larger posts from IDP:

<Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" maxSavePostSize ="2097152" />

Answer 2

Try increasing the maxSavePostSize (part of Connector element in server.xml). See documentation here https://tomcat.apache.org/tomcat-8.5-doc/config/http.html#Common_Attributes