By: Maniganda Prakash Kannan Account Admin 04 Dec 2018 at 11:10 a.m. CST

2 Responses
#### Gluu -> Siteminder IDP AuthnRequest is failing as Saml request xml sent to Siteminder is not deflated.

Tried both `HTTP-POST` and `HTTP-Redirect` in passport-saml-config.json with `skipRequestCompression` set to `true / false`.

#### <u>Failure message from siteminder:</u>

HTTP Status 400 – Bad Request Message Bad Request. The request has bad syntax or incorrect parameters.

#### <u>SAML request xml:</u>

`https://fedtest.gbt.gbtad.com/affwebservices/public/saml2sso?SAMLRequest=PD94bWwgdmVyc2lvbj0iMS4wIj8%…%2BaHR0cHM6Ly9ndHd0ZGxhcGZlZHYwMS5zaXRlbWluZGVyLmNvbTwvc2FtbDpJc3N1ZXI%…%3D`

##### <u>Above request could be brought back to valid xml with following steps:</u>

1. Url Decode
2. Base64 Decode
3. Valid xml

##### <u>But expected steps are:</u>

1. Url Decode
2. Base64 Decode
3. <u>**`Inflate xml`**</u> - which is missing
4. Valid xml

##### <u>Below screen shots for reference:</u>

https://pasteboard.co/HQca3oI.png

https://pasteboard.co/HQcaqOn.png

#### <u>passport-saml-config.json:</u>

```
"siteminder": {
    "entryPoint": "https://fedtest.gbt.gbtad.com/affwebservices/public/saml2sso",
    "issuer": "https://gtwtdlapfedv01.siteminder.com",
    "identifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
    "logo_img": "",
    "enable": "true",
    "cert": "....",
    "skipRequestCompression": "false",
    "reverseMapping": {
        "email": "email",
        "username": "username",
        "displayName": "name",
        "id": "NameID",
        "name": "name",
        "givenName": "firstName",
        "familyName": "lastName",
        "provider": "issuer"
    }
}
```

#### <u>Siteminder responds successfully when request is DEFLATED with below manual steps:</u>

1. Valid saml request xml
2. Deflate xml
3. Base64 encode
4. Url encode

`https://fedtest.gbt.gbtad.com/affwebservices/public/saml2sso?SAMLRequest=nVPBjtowEP2VyHeSOGKrxVpYUVBVpG2LgPbQS2XsCWvVsVPPBOjf1wlki6rCgUMUaeblzZs3L0%2FPx8omewhovBsznubsefKEsrK1mDb06lbwqwGkJMIciq4xZk1wwks0KJysAAUpsZ5%2BehFFmos6ePLKW5Ys5mP2I5ccIC%2F4qBiWnOdK63zEkm%2F9wPhFBCI2sHBI0lEs5fxxwItBPtzwd6J4EA88HQ0fv7NkeaZ%2Bb5w2bndbx%2FYEQvFxs1kOll%2FWG5ZMESFQHDzzDpsKwhrC3ij4unoZs1eiGkWW7ehA2sq6BL3PebrbUvtInSpfZbVErH2gTEZzstaODA1BFYdByJS0divVT5bMo2fGSeqW7JkjI8X6P5SyLA%2BwxZMSzOpma43qqAtEz07XEJ1H4eIMt7eX%2FaZscmWvv7JbFU%2FZxZQ%2BAJ8j7WK%2B9FHP73sC8MGHStJ1NE95VzF6UHZQAZU0dqp1AMR4Lmv9YRZAEowZhQZY1ks7xxJ0F9J4ToLjXSGd%2BaqWwWB7JzhKRb3hl8QzG%2F1cQXmP%2FTdhSqiWOpaX8XXwQbcZBxUX2wTpuqidT%2FM%2FPZNT74odb93LH3nyBw%3D%3D`

By Jose Gonzalez staff 06 Dec 2018 at 2:27 p.m. CST

Hi Maniganda,

There seems to be a problem around how `skipRequestCompression` is parsed. The easiest way to work around this until version 3.1.5 of Gluu is out is to do the following:

1. Log in to the Gluu chroot
2. Navigate to the `/etc/gluu/conf/` directory
3. Edit `passport-saml-config.json` and set the value for `skipRequestCompression` to either `true` or `false`. Please do **not** use quotes.
4. Restart passport: `# service passport restart`

I opened an [issue](https://github.com/GluuFederation/gluu-passport/issues/54) in this regard. The above is a temporary workaround which will be solved properly in 3.1.5.

Kind regards,
Jose.

By Maniganda Prakash Kannan Account Admin 07 Dec 2018 at 10:51 a.m. CST

Thanks, that worked.
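
The symptom and the workaround from this thread, reproduced as an added example (this is not gluu-passport or passport-saml code). It assumes the option is evaluated with a plain truthiness test, which would explain why the quoted values `"true"` and `"false"` both produce an uncompressed request; the function names, `SAMPLE_XML` and the issuer `https://sp.example.test` are constructed for illustration.

```javascript
// Added example; not gluu-passport or passport-saml source code.
const zlib = require("zlib");

// Constructed minimal AuthnRequest; the issuer is a placeholder.
const SAMPLE_XML =
  '<?xml version="1.0"?><samlp:AuthnRequest ID="_constructed1" Version="2.0" ' +
  'xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ' +
  'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">' +
  "<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>";

// Assumption: the option is used in a plain truthiness test, so the quoted
// strings "true" and "false" both skip compression (non-empty strings are truthy).
function encodeSamlRequest(xml, skipRequestCompression) {
  const bytes = Buffer.from(xml, "utf8");
  const body = skipRequestCompression ? bytes : zlib.deflateRawSync(bytes);
  return encodeURIComponent(body.toString("base64"));
}

// Reverse the steps from the thread: URL decode, Base64 decode, then inflate.
function inspectSamlRequest(param) {
  const raw = Buffer.from(decodeURIComponent(param), "base64");
  try {
    return { deflated: true, xml: zlib.inflateRawSync(raw).toString("utf8") };
  } catch (err) {
    // Not a raw DEFLATE stream, so the decoded bytes are the XML itself.
    return { deflated: false, xml: raw.toString("utf8") };
  }
}

// Strict parsing a config loader could apply so a quoted value cannot flip the flag.
function parseBooleanOption(value) {
  if (typeof value === "boolean") return value;
  if (value === "true") return true;
  if (value === "false") return false;
  throw new TypeError("skipRequestCompression must be true or false");
}

// "false" (quoted) is sent uncompressed; false (unquoted) is deflated.
for (const setting of ["false", false, parseBooleanOption("false")]) {
  const { deflated } = inspectSamlRequest(encodeSamlRequest(SAMPLE_XML, setting));
  console.log(JSON.stringify(setting), "-> deflated:", deflated);
}
```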