How to modify the WildFly application server default maximum parameter setting of 1000 in RSA Governance & Lifecycle
Originally Published: 2019-12-19
Article Number
Applies To
RSA Product Set: RSA Governance & Lifecycle
RSA Version/Condition: 7.0.x, 7.1.x, 7.5.2, 8.0.0
Application Server : WildFly
Issue
The WildFly application server default maximum parameter setting is 1000. There may be times when you are advised to increase this setting by either an RSA Knowledge Base Article or by RSA Governance & Lifecycle Support. The purpose of this RSA Knowledge Base Article is to outline the steps for increasing this parameter.
IMPORTANT: Do not modify this value unless you have been instructed to do so by either an RSA Knowledge Base Article or by RSA Governance & Lifecycle Support.
Tasks
Resolution
For RSA Governance & Lifecycle 7.0.x and 7.1.x
On a WildFly Standalone configuration, modify WildFly configuration as follows:
- Login as the oracle user
- This procedure will modify $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml. Backup this file before proceeding.
cp $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml_backup_<MM-DD-YYYY>
- Run the following commands at the system prompt:
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=3000)" $AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=max-parameters, value=3000)" $AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/subsystem=undertow/server=default-server/https-listener=agent-ssl:write-attribute(name=max-parameters, value=3000)"
- The output after each of the above three commands should look similar to:
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
- This command modifies the $AVEKSA_HOME/wildfly/standalone/configuration/aveksa-standalone-full.xml file as shown below.
FROM:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="2147483647"
redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-post-size="2147483647"
security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
<https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647"
security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>
TO:
<subsystem xmlns="urn:jboss:domain:undertow:3.1"> <buffer-cache name="default"/> <server name="default-server"> <http-listener name="default" socket-binding="http" max-post-size="2147483647" max-parameters="3000" redirect-socket="https" enable-http2="true"/> <https-listener name="https" socket-binding="https" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/> <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>
- These modifications require an application restart to take affect.
acm restart
On a WildFly Cluster configuration, modify WildFly configuration as follows on each node:
- Login as the oracle user
- This procedure will modify $AVEKSA_HOME/wildfly/domain/configuration/domain.xml. Backup this file before proceeding.
cp $AVEKSA_HOME/wildfly/domain/configuration/domain.xml $AVEKSA_HOME/domain/configuration/domain.xml_backup_<MM-DD-YYYY>
- Run the following commands at the system prompt:
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/profile=full-ha/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=3000)" $AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=max-parameters, value=3000)" $AVEKSA_HOME/wildfly/bin/jboss-cli.sh --connect "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=agent-ssl:write-attribute(name=max-parameters, value=3000)"
- The output after each of the above three commands should look similar to:
{
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
}
- This command modifies the $AVEKSA_HOME/wildfly/domain/configuration/domain.xml file as shown below.
FROM:
<subsystem xmlns="urn:jboss:domain:undertow:3.1">
<buffer-cache name="default"/>
<server name="default-server">
<http-listener name="default" socket-binding="http" max-post-size="2147483647"
redirect-socket="https" enable-http2="true"/>
<https-listener name="https" socket-binding="https" max-post-size="2147483647"
security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/>
<https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647"
security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>
TO:
<subsystem xmlns="urn:jboss:domain:undertow:3.1"> <buffer-cache name="default"/> <server name="default-server"> <http-listener name="default" socket-binding="http" max-post-size="2147483647" max-parameters="3000" redirect-socket="https" enable-http2="true"/> <https-listener name="https" socket-binding="https" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaRealm" enabled-protocols="TLSv1,TLSv1.1,TLSv1.2"/> <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-protocols="TLSv1.2"/>
- These modifications require an application restart to take affect.
acm restart
For RSA Governance & Lifecycle 7.5.2 and 8.0.0 (intrinsically deployed as a cluster)
- Login as the oracle user
- This procedure will modify $AVEKSA_HOME/wildfly/domain/configuration/domain.xml. Backup this file before proceeding.
cp $AVEKSA_HOME/wildfly/domain/configuration/domain.xml $AVEKSA_HOME/domain/configuration/domain.xml_backup_<MM-DD-YYYY>
- Run the following commands at the system prompt:
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh -c --controller=${DOMAIN_MASTER} "/profile=full-ha/subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh -c --controller=${DOMAIN_MASTER} "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=max-parameters, value=3000)"
$AVEKSA_HOME/wildfly/bin/jboss-cli.sh -c --controller=${DOMAIN_MASTER} "/profile=full-ha/subsystem=undertow/server=default-server/https-listener=agent-ssl:write-attribute(name=max-parameters, value=3000)"
- The output after each of the above three commands should look similar to:
"outcome" => "success",
"result" => undefined,
"server-groups" => {"img-server-group" => {"host" => {"master" => {"img-server-1" => {"response" => {
"outcome" => "success",
"response-headers" => {
"operation-requires-reload" => true,
"process-state" => "reload-required"
}
- This command modifies the $AVEKSA_HOME/wildfly/domain/configuration/domain.xml file as shown below.
FROM:
<http-listener name="default" socket-binding="http" max-post-size="2147483647" redirect-socket="https" enable-http2="true"/> <https-listener name="https" socket-binding="https" max-post-size="2147483647" security-realm="AveksaRealm" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/> <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/>
TO:
<http-listener name="default" socket-binding="http" max-post-size="2147483647" max-parameters="3000" redirect-socket="https" enable-http2="true"/> <https-listener name="https" socket-binding="https" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaRealm" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/> <https-listener name="agent-ssl" socket-binding="agent-ssl" max-post-size="2147483647" max-parameters="3000" security-realm="AveksaAgentRealm" verify-client="REQUIRED" enabled-cipher-suites="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" enabled-protocols="TLSv1.2" enable-http2="false"/>
- These modifications require an application restart to take affect.
acm restart
Notes
Wildfly max-parameters is an http-listener / https-listener attribute that specifies the maximum number of parameters that will be parsed. This applies to both query parameters, and to POST data.
Related Articles
Error when signing a certificate request using RCM in HA with Thales HSM Number of Views Cluster Relationships Number of Views How to configure High Availability (HA) on multiple RSA Authentication Agents for Citrix StoreFront with Risk Based Authen… Number of Views Import of the AFX standard connectors fails with 'UT000020: Connection terminated as request was larger than 10485760' in … Number of Views RSA-2024-13: RSA Authentication Agent for Microsoft Windows Security Update Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA announces the availability of the RSA SecurID Hardware Appliance 230 based on the Dell PowerEdge R240 Server How to troubleshoot Oracle database ORA-04030 errors in RSA Identity Governance & Lifecycle RSA Authentication Manager Upgrade Process Microsoft SQL Server Collectors can no longer connect to the SQL Server database after upgrade to Microsoft SQL Server 201…
Don't see what you're looking for?
