search cancel

Strange behavior in Request: Process SAML Authentication Request


Article ID: 257026


Updated On:


CA API Gateway


I have found a strange behavior in the assertion "Request: Process SAML Authentication Request".

The assertion seems to work fine if provided with a valid SAMLRequest. 

If the valid SAMLRequest is modified (e.g. gets truncated or rewritten so that it is indeed invalid) the assertion correctly fails. This error is managed successfully.

However, if the SAMLRequest that is passed in query string, is empty or composed by few characters the assertion abruptly brings to the stop of the policy.

In the API Gateway logs it is showed this message:

"2022-12-20T14:18:22.823+0100 WARNING 408 com.l7tech.server.SoapMessageProcessingServlet serviceNoAudit: I/O error while processing message: Unexpected end of ZLIB input stream".


Release : 10.1


Engineering will fix this in API Gateway v11.0.00 CR01  and API Gateway v10.1.00 CR03