Deflating/expanding SAML response failed; Please contact your administrator when Citrix ADC is configured as SAML IDP

Article ID: CTX390463

Description

The following error message appears in a network trace when troubleshooting SAML authentication with Citrix ADC configured as SAML IDP:

Deflating/expanding SAML response failed; Please contact your administrator.

Resolution

Fix the SAMLRequest so that its decoded content contains no trailing characters in places where none should be found.

If the SAMLRequest cannot be amended to remove the trailing characters, Citrix ADC can be configured to ignore the deflating/expanding error with the following command:

nsapimgr_wr.sh -ys call="ns_saml_deflate_variant" arg1=0


Problem Cause

A SAMLRequest that contains trailing characters can cause Citrix ADC to parse extra chunks of data. With default settings, these unexpected additional chunks cause the deflating/expanding process on Citrix ADC to fail with an unrecoverable error.
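
To confirm whether a captured SAMLRequest carries trailing data before changing the ADC setting, the value can be decoded offline. The following is an added example, not Citrix code: it assumes the HTTP-Redirect binding encoding (URL-encoded base64 of a raw DEFLATE stream), and the function names and sample request are constructed for illustration.

```python
import base64
import binascii
import urllib.parse
import zlib


def check_saml_request(param):
    """Decode a SAMLRequest query value; return (findings, inflated_xml)."""
    b64 = urllib.parse.unquote(param)
    try:
        # validate=True rejects stray characters (newlines, spaces) in the base64
        raw = base64.b64decode(b64, validate=True)
    except binascii.Error as exc:
        return [f"not clean base64: {exc}"], b""
    inflater = zlib.decompressobj(-15)  # -15 = raw DEFLATE, no zlib header
    try:
        xml = inflater.decompress(raw) + inflater.flush()
    except zlib.error as exc:
        return [f"inflate failed: {exc}"], b""
    findings = []
    if not inflater.eof:
        findings.append("DEFLATE stream is truncated")
    if inflater.unused_data:
        # Bytes left over after the final DEFLATE block
        findings.append(f"{len(inflater.unused_data)} byte(s) after end of DEFLATE stream")
    tail = xml[xml.rfind(b">") + 1:]
    if tail:
        # Strict check (assumption): any byte after the last tag is reported
        findings.append(f"{len(tail)} byte(s) after last '>' in inflated XML")
    return findings, xml


def encode_saml_request(xml, trailer=b""):
    """Build a constructed SAMLRequest value, optionally with trailing bytes."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml) + comp.flush() + trailer
    return urllib.parse.quote(base64.b64encode(raw).decode(), safe="")


# Constructed sample request, not taken from a real trace
SAMPLE_XML = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
              b'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')

if __name__ == "__main__":
    for label, value in [("clean", encode_saml_request(SAMPLE_XML)),
                         ("trailing", encode_saml_request(SAMPLE_XML, b"\x00\x00"))]:
        print(label, check_saml_request(value)[0])
```

An empty findings list means the request decodes without leftover data; any finding points to the party generating the SAMLRequest as the place to fix it.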