This article describes that when a user belongs to a large number of groups (i.e. 450+) on Windows, the user may encounter the Kerberos authentication failure
Scope
FortiProxy.
Solution
Adjust the ‘max-message-length’ setting accordingly:
config web-proxy global set max-message-length 64 next end
By default, the setting is set to 32. Increase the size accordingly.