SAMLRequest Encoding for POST Versus REDIRECT Binding
search cancel

SAMLRequest Encoding for POST Versus REDIRECT Binding


Article ID: 215462


Updated On:


CA Single Sign On Federation (SiteMinder)


We have done a SAML integration with a 3rd party using HTTP-Redirect Authentication Request Binding. The SAMLRequest query parameter that is sent in the redirect is URL encoded, base64 encoded, but not XML deflated (compressed).  Sample data is given below.  The following error occurs in the FWSTrace.log for this request:

[04/27/2021][12:06:06][88767][95966976][<Transaction ID>][][doGet][Transaction with ID: <Transaction ID> failed. Reason: BAD_SAML_REQUEST_ENCODING]

From this link ( ) it appears that XML deflation is required when encoding the SAMLRequest query parameter for HTTP-Redirect binding.

Excerpt from that document: GET(REDIRECT) encoding,  which uses  DEFLATE compression method, its output will be accepted by CA SSO in HTTP GET

 Can you confirm whether XML deflation is required in the encoding of the SAMLRequest query parameter? 


Release : 12.8.03

Component : SiteMinder Federation(Federation Manager)


For POST binding, Siteminder expects the SAMLRequest to be Base64 encoded.  For REDIRECT binding, the expectation is for Base64 and Deflate encoding.