After migrating to IBM Connections 4.5 with SPNEGO-SSO some users were unable to connect to the Connections system. The browser showed an Error 400 message and the users were not logged in to Connections. In the Websphere log files several LTPA errors occured.
The root cause for that issue was that the size of the SSO header in the HTTP request for these users exceeded the maximum allowed value. The default value for IBM HTTP server is 8192 bytes, a SPNEGO SSO header can reach values of up to 12k.
After adding the variable
to the HTTPD.CONF the issue was resolved.