Integrated Data Protection Appliance: Intermittent Access Issues and SSO Failures when accessing DPC with AD/LDAP credentials after 2.7.6 upgrade.

Summary: Post IDPA 2.7.6 upgrade/DPC 19.9 upgrade, DPC shows problems with access and SSO when trying to do it with AD/LDAP credentials.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

DPC error
  • AD/LDAP source is configured in DPC and when trying to access DPC using AD/LDAP credentials it fails intermittently with this error, sometimes it works. Even more, if cookies and cache are cleared, however, this is not a permanent solution. 
  • When being logged with AD/LDAP credentials, SSO to systems integrated into DPC would fail with the same error. 
  • Developer tools show a 502 bad gateway error. 
The below error is seen in the nginx error.log.  
2024/04/09 10:53:10 [error] 64587#64587: *14150 upstream sent too big header while reading response header from upstream, client: 172.26.130.97, server: xxxxx.xxxxx.xxxxx request: "GET /auth/realms/DPC/protocol/openid-connect/authscope=openid+profile&response_type=code&redirect_uri=https%3A%2F%2Fxxxxx.xxxxx.xxxxx&state=YWK9IJANc0Tn9c8dhSA_MAOfja3DSairR_Ag8kLker4&nonce=uPOO0ZLBU9WzHhuaR45e6q7PqYCbYOEi8Kk5sttJA5I&client_id=98ce7c21-0ec2-4d9b-9bde-125d940f212f HTTP/1.1", upstream: "https://127.0.0.1:8143/auth/realms/DPC/protocol/openid-connect/auth?scope=openid+profile&response_type=code&redirect_uri=https%3A%2F%2Fmin-dp-idpa01-dpc-01.vcdservices.local&state=YWK9IJANc0Tn9c8dhSA_MAOfja3DSairR_Ag8kLker4&nonce=uPOO0ZLBU9WzHhuaR45e6q7PqYCbYOEi8Kk5sttJA5I&client_id=98ce7c21-0ec2-4d9b-9bde-125d940f212f", host: "xxxxx.xxxxx.xxxxx", referrer: "https://xxxxx.xxxxx.xxxxxx/"

Cause

When NGINX processes the response headers, it sets a limit on the size of the headers it can handle. If the headers exceed this limit, NGINX rejects the connection and this results in a 502 bad gateway error. 

Resolution

1. In the etc/nginx/nginx.conf file, add the below lines after keepalive_timeout variable is set.

    proxy_buffer_size   128k;
    proxy_buffers   4 256k;
    proxy_busy_buffers_size   256k;

2. Save this configuration.
3. Restart nginx service

service nginx restart

4. Test it again if the behavior changes.

Affected Products

Data Protection Central
Article Properties
Article Number: 000225360
Article Type: Solution
Last Modified: 27 May 2024
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.