We have done a SAML integration with a 3rd party using HTTP-Redirect Authentication Request Binding. The SAMLRequest query parameter that is sent in the redirect is URL encoded, base64 encoded, but not XML deflated (compressed). Sample data is given below. The following error occurs in the FWSTrace.log for this request:
[04/27/2021][12:06:06][15d9f69f-7b3bc80a-ada45b26-6be48a57-d825d117-6e6][SSO.java][doGet][Transaction with ID: 15d9f69f-7b3bc80a-ada45b26-6be48a57-d825d117-6e6 failed. Reason: BAD_SAML_REQUEST_ENCODING]
From this link (https://knowledge.broadcom.com/external/article/7847/http-status-400-bad-request-with-error.html) it appears that XML deflation is required when encoding the SAMLRequest query parameter for HTTP-Redirect binding.
Excerpt from that document: GET(REDIRECT) encoding, which uses DEFLATE compression method, its output will be accepted by CA SSO in HTTP GET
Can you confirm whether XML deflation is required in the encoding of the SAMLRequest query parameter?
Release: 12.8.03
Component: SiteMinder Federation (Federation Manager)
For the POST binding, SiteMinder expects the SAMLRequest to be Base64 encoded. For the REDIRECT binding, it expects both Deflate and Base64 encoding.