I have a Spring Security based Kerberos authentication which had been working fine; however, it suddenly started missing the negotiated request (the 2nd request from the client after Spring initiated the NEGOTIATE).
1st state:
Somehow, instead of the client sending two requests, Spring only received the first request, followed by a call to /favicon, which should instead have been the same endpoint if it were working.
I then added /favicon to the permitAll() list, which resulted in the 2nd state.
2nd state:


It took me a really great amount of time to figure this out, but in short, it is because the HTTP header from the client carrying the KDC/TGT's encrypted message suddenly became larger (likely the KDC/TGT sent more data) than Tomcat's default threshold.
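For reference, the threshold in question is Tomcat's `maxHttpHeaderSize` connector attribute, which defaults to 8192 bytes; a request whose headers exceed it is rejected with a 400 and a "Request header is too large" message in the Tomcat log before it ever reaches Spring Security. The `Authorization: Negotiate <base64 token>` header carries the whole SPNEGO/Kerberos service ticket, and that ticket grows with the data the KDC puts into it (most commonly the user's group memberships), so a user who is added to many groups can push a previously working login over the limit. The following is an added example, not the configuration from the original post, showing one way to raise the limit in a Spring Boot application; the bean name and the 64 KB value are assumptions, pick a value that comfortably exceeds the largest token your users produce.

```java
import org.apache.catalina.connector.Connector;
import org.springframework.boot.web.embedded.tomcat.TomcatConnectorCustomizer;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * Added example (hypothetical class name): raise Tomcat's maxHttpHeaderSize so
 * that a large "Authorization: Negotiate ..." header (a Kerberos/SPNEGO token
 * carrying a big PAC) is not rejected with HTTP 400 before Spring Security
 * gets to see it.
 *
 * Equivalent property-based setting, if you prefer application.properties:
 *   Spring Boot 2.x:        server.max-http-header-size=64KB
 *   Spring Boot 2.7+/3.x:   server.max-http-request-header-size=64KB
 */
@Configuration
public class TomcatHeaderSizeConfig {

    // Assumed value: 64 KB. Tomcat's default is 8192 bytes.
    private static final String MAX_HTTP_HEADER_SIZE = "65536";

    @Bean
    public WebServerFactoryCustomizer<TomcatServletWebServerFactory> largeKerberosHeaders() {
        return factory -> factory.addConnectorCustomizers(
            (TomcatConnectorCustomizer) (Connector connector) ->
                // Connector.setProperty forwards the attribute to the HTTP/1.1 protocol handler.
                connector.setProperty("maxHttpHeaderSize", MAX_HTTP_HEADER_SIZE));
    }
}
```

Before and after applying the change, check the Tomcat log for "Request header is too large" entries while a user logs in; once the limit is high enough they disappear and the second (Negotiate) request reaches the Kerberos filter again. Keep the value as small as practical: the header buffer is allocated per connection, so a very large limit also increases the memory an unauthenticated client can make the server reserve.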
The changes:

The working result:
