Hi!
We develop ASP.NET MVC portal that interacts with Oracle 12c using ODP.NET 12.2.1100 managed driver. According to the documentation, we configured the database connection using Kerberos. Everything works well, but only for a part of Active Directory users while the other part gets the ora-12631 error. Numerous experiments on problem users have shown that they are all included in a large number of Active Directory security groups, and if the problem user is excluded from certain Active Directory groups, the connection to the database via Kerberos passes without problems. It was found that the Kerberos token for problem users has a larger size in relation to other users. The Kerberos token is passed from the client to the web server (IIS in our case) in the http header. Accordingly, we maximized the value of the MaxTokenSize parameter on the client and on the server, but this did not help. On the server, we increased the values of the MaxFieldLength and MaxRequestBytes parameters to the maximum, but this did not help. We completely disabled the antivirus SOFTWARE on both the client and server, but it didn't help.
In accordance with all of the above, can ODP.NET or MIT Kerberos 4.0.1 have restrictions on the size of the Kerberos token or the size of the http request header? Maybe there are restrictions on the database side?