diff --git a/etc/nova/nova.conf.sample b/etc/nova/nova.conf.sample
index 0da0754444ea..de1ff608dd22 100644
--- a/etc/nova/nova.conf.sample
+++ b/etc/nova/nova.conf.sample
@@ -513,6 +513,12 @@
 # value)
 #wsgi_default_pool_size=1000
 
+# Maximum line size of message headers to be accepted.
+# max_header_line may need to be increased when using large
+# tokens (typically those generated by the Keystone v3 API
+# with big service catalogs). (integer value)
+#max_header_line=16384
+
 
 #
 # Options defined in nova.api.auth
diff --git a/nova/tests/test_wsgi.py b/nova/tests/test_wsgi.py
index cb59b910668f..6a31b2db38a5 100644
--- a/nova/tests/test_wsgi.py
+++ b/nova/tests/test_wsgi.py
@@ -21,18 +21,21 @@ import tempfile
 import testtools
 
 import eventlet
+import eventlet.wsgi
 import requests
 
 import nova.exception
 from nova import test
 from nova.tests import utils
 import nova.wsgi
+from oslo.config import cfg
 import urllib2
 import webob
 
 SSL_CERT_DIR = os.path.normpath(os.path.join(
                                 os.path.dirname(os.path.abspath(__file__)),
                                 'ssl_cert'))
+CONF = cfg.CONF
 
 
 class TestLoaderNothingExists(test.NoDBTestCase):
@@ -100,6 +103,11 @@ class TestWSGIServer(test.NoDBTestCase):
         server = nova.wsgi.Server("test_app", None)
         self.assertEqual("test_app", server.name)
 
+    def test_custom_max_header_line(self):
+        CONF.max_header_line = 4096  # Default value is 16384.
+        server = nova.wsgi.Server("test_custom_max_header_line", None)
+        self.assertEqual(CONF.max_header_line, eventlet.wsgi.MAX_HEADER_LINE)
+
     def test_start_random_port(self):
         server = nova.wsgi.Server("test_random_port", None,
                                   host="127.0.0.1", port=0)
diff --git a/nova/wsgi.py b/nova/wsgi.py
index c181c29c7215..4c2c9c8ba557 100644
--- a/nova/wsgi.py
+++ b/nova/wsgi.py
@@ -38,9 +38,6 @@ from nova.openstack.common import excutils
 from nova.openstack.common.gettextutils import _
 from nova.openstack.common import log as logging
 
-# Raise the default from 8192 to accommodate large tokens
-eventlet.wsgi.MAX_HEADER_LINE = 16384
-
 wsgi_opts = [
     cfg.StrOpt('api_paste_config',
                default="api-paste.ini",
@@ -66,6 +63,12 @@ wsgi_opts = [
     cfg.IntOpt('wsgi_default_pool_size',
                default=1000,
                help="Size of the pool of greenthreads used by wsgi"),
+    cfg.IntOpt('max_header_line',
+               default=16384,
+               help="Maximum line size of message headers to be accepted. "
+                    "max_header_line may need to be increased when using "
+                    "large tokens (typically those generated by the "
+                    "Keystone v3 API with big service catalogs)."),
     ]
 CONF = cfg.CONF
 CONF.register_opts(wsgi_opts)
@@ -93,6 +96,8 @@ class Server(object):
         :returns: None
         :raises: nova.exception.InvalidInput
         """
+        # Allow operators to customize http requests max header line size.
+        eventlet.wsgi.MAX_HEADER_LINE = CONF.max_header_line
         self.name = name
         self.app = app
         self._server = None