How to modify the WildFly application server default maximum parameter setting of 1000 in RSA Governance & Lifecycle
Originally Published: 2019-12-19
Article Number
000064873
Applies To

RSA Product Set: RSA Governance & Lifecycle 
RSA Version/Condition: 7.0.x, 7.1.x, 7.5.2, 8.0.0
Application Server: WildFly

Issue

The WildFly application server default maximum parameter setting is 1000. There may be times when you are advised to increase this setting by either an RSA Knowledge Base Article or by RSA Governance & Lifecycle Support. The purpose of this RSA Knowledge Base Article is to outline the steps for increasing this parameter.

IMPORTANT: Do not modify this value unless you have been instructed to do so by either an RSA Knowledge Base Article or by RSA Governance & Lifecycle Support.

Tasks
Decide what value to set for the WildFly application server maximum parameter setting. The value chosen will depend on why you need to increase it. In the example below, the parameter is being increased to 3000.
Resolution

For RSA Governance & Lifecycle 7.0.x and 7.1.x

On a WildFly Standalone configuration, modify WildFly configuration as follows:

  1. Log in as the oracle user.
  2. This procedure will modify $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml. Back up this file before proceeding.
cp $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml_backup_<MM-DD-YYYY>
  3. Run the following commands at the system prompt:
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/https-listener=agent-ssl:write-attribute(name=max-parameters, value=3000)"
  4. The output after each of the above three commands should look similar to:
{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}
  5. These commands modify the $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml file as shown below.
FROM:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" max-post-size="2147483647" 
                   redirect-socket="https" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" max-post-size="2147483647" 
                   security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
                <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" 
                   security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>
TO:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" max-post-size="2147483647" max-parameters="3000" 
                   redirect-socket="https" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" max-post-size="2147483647" max-parameters="3000" 
                    security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
                <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" max-parameters="3000" 
                   security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>
  6. These modifications require an application restart to take effect.
acm restart


On a WildFly Cluster configuration, modify WildFly configuration as follows on each node:

  1. Log in as the oracle user.
  2. This procedure will modify $AVEKSA_HOME/wildfly/domain/configuration/domain.xml. Back up this file before proceeding.
cp $AVEKSA_HOME/wildfly/domain/configuration/domain.xml $AVEKSA_HOME/wildfly/domain/configuration/domain.xml_backup_<MM-DD-YYYY>

  3. Run the following commands at the system prompt:

$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/profile=full-ha/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=agent-ssl:write-attribute(name=max-parameters, value=3000)"

  4. The output after each of the above three commands should look similar to:

{
    "outcome" => "success",
    "response-headers" => {
        "operation-requires-reload" => true,
        "process-state" => "reload-required"
    }
}

  5. These commands modify the $AVEKSA_HOME/wildfly/domain/configuration/domain.xml file as shown below.

FROM:


<subsystem xmlns="urn:jboss:domain:undertow:3.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" max-post-size="2147483647" 
                   redirect-socket="https" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" max-post-size="2147483647" 
                   security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
                <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" 
                   security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>

TO:


<subsystem xmlns="urn:jboss:domain:undertow:3.1">
            <buffer-cache name="default"/>
            <server name="default-server">
                <http-listener name="default" socket-binding="http" max-post-size="2147483647" max-parameters="3000" 
                   redirect-socket="https" enable-http2="true"/>
                <https-listener name="https" socket-binding="https" max-post-size="2147483647" max-parameters="3000" 
                    security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
                <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" max-parameters="3000" 
                   security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>

  6. These modifications require an application restart to take effect.

acm restart


For RSA Governance & Lifecycle 7.5.2 and 8.0.0 (intrinsically deployed as a cluster)
 

  1. Log in as the oracle user.
  2. This procedure will modify $AVEKSA_HOME/wildfly/domain/configuration/domain.xml. Back up this file before proceeding.
cp $AVEKSA_HOME/wildfly/domain/configuration/domain.xml $AVEKSA_HOME/wildfly/domain/configuration/domain.xml_backup_<MM-DD-YYYY>
  3. Run the following commands at the system prompt:
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh -c --controller=${DOMAIN_MASTER} "/profile=full-ha/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh -c --controller=${DOMAIN_MASTER} "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh -c --controller=${DOMAIN_MASTER} "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=agent-ssl:write-attribute(name=max-parameters, value=3000)"
  4. The output after each of the above three commands should look similar to:
    "outcome" => "success",
    "result" => undefined,
    "server-groups" => {"img-server-group" => {"host" => {"master" => {"img-server-1" => {"response" => {
        "outcome" => "success",
        "response-headers" => {
            "operation-requires-reload" => true,
            "process-state" => "reload-required"
        }

  5. These commands modify the $AVEKSA_HOME/wildfly/domain/configuration/domain.xml file as shown below.
FROM:
<http-listener name="default" socket-binding="http" max-post-size="2147483647" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-post-size="2147483647" security-realm="AveksaRealm" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/>
<https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/>

TO:
<http-listener name="default" socket-binding="http" max-post-size="2147483647" max-parameters="3000" redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaRealm" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/>
<https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/>

  6. These modifications require an application restart to take effect.
acm restart
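
The following check is an added example, not part of the original RSA article or of RSA tooling. It reads a WildFly configuration file and confirms that every http-listener and https-listener carries the intended max-parameters value, which catches the case where one of the three write-attribute commands above was skipped or failed. The function names and the sample XML are constructed for illustration; after the change, point check_max_parameters at aveksa-standalone-full.xml or domain.xml.

```shell
#!/usr/bin/env bash
# Added example: confirm every Undertow listener carries the intended max-parameters.

# Print "<element> <name> <value>" per listener in config file $1. A listener
# without the attribute prints "unset" (WildFly then applies its default of 1000).
list_max_parameters() {
    tr '\n' ' ' < "$1" | grep -oE '<https?-listener [^>]*>' |
    while IFS= read -r elem; do
        kind=$(printf '%s\n' "$elem" | sed -E 's/^<(https?-listener) .*/\1/')
        name=$(printf '%s\n' "$elem" | sed -nE 's/.* name="([^"]*)".*/\1/p')
        value=$(printf '%s\n' "$elem" | sed -nE 's/.* max-parameters="([^"]*)".*/\1/p')
        printf '%s %s %s\n' "$kind" "$name" "${value:-unset}"
    done
}

# Return 0 only if file $1 contains listeners and all of them are set to $2;
# otherwise list the offending listeners on stderr and return 1.
check_max_parameters() {
    found=$(list_max_parameters "$1")
    if [ -z "$found" ]; then
        echo "no http/https listeners found in $1" >&2
        return 1
    fi
    bad=$(printf '%s\n' "$found" | awk -v want="$2" '$3 != want')
    if [ -n "$bad" ]; then
        printf 'not set to %s:\n%s\n' "$2" "$bad" >&2
        return 1
    fi
    return 0
}

# Constructed sample: the third write-attribute command was never applied.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<server name="default-server">
    <http-listener name="default" socket-binding="http" max-parameters="3000"
       redirect-socket="https"/>
    <https-listener name="https" socket-binding="https" max-parameters="3000"
       security-realm="AveksaRealm"/>
    <https-listener name="agent-ssl" socket-binding="agent-ssl"
       security-realm="AveksaAgentRealm" verify-client="REQUIRED"/>
</server>
EOF

if check_max_parameters "$sample" 3000; then
    echo "all listeners set to 3000"
else
    echo "configuration incomplete"
fi
```

On a domain.xml that defines several profiles, the check reports the listeners of every profile, so listeners outside full-ha will appear as unset.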
Notes

WildFly max-parameters is an http-listener / https-listener attribute that specifies the maximum number of parameters that will be parsed. This applies to both query parameters and POST data. The limit exists to protect the server against hash-based denial-of-service attacks.