Hi @Rajeev Gera
Thank you for posting this in Microsoft Q&A.
I understand that you're encountering an error with the SAML message encoding when trying to implement SAML authentication with Azure for your on-premises application hosted through IIS. Specifically, you're seeing the error message "AADSTS750055: SAML message was not properly DEFLATE-encoded."
Could you please confirm what type of HTTP call is being used by your application to send the SAMLRequest (aka AuthnRequest) to Azure AD: HTTP-Redirect or HTTP-POST?
You can identify this by looking at the SAMLRequest in the HTTP call made by your application. If you see an HTTP 302 call with the SAMLRequest sent in the query string, then your app is using HTTP-Redirect, which is the most commonly used scenario. If instead you see an HTTP POST call with the SAMLRequest sent in the body, then your application is using HTTP-POST.
This error typically occurs when the SAML message is not properly compressed using the DEFLATE algorithm.
This is my AuthRequest for test app:
<samlp:AuthnRequest xmlns="urn:oasis:names:tc:SAML:2.0:metadata" ID="F84D888AA3B44C1B844375A4E8210D9E" Version="2.0" IssueInstant="2021-10-07T08:10:24.669Z" IsPassive="false" AssertionConsumerServiceURL="https://adfshelp.microsoft.com/ClaimsXray/
**HTTP-Redirect binding:** The AuthnRequest needs to be Deflate + Base64 encoded, and then URL encoded.
To deflate and base64 encode, we can use this tool, https://www.samltool.com/encode.php. And to URL Encode, use this tool, https://meyerweb.com/eric/tools/dencoder/.
1. Deflate + Base64 encoded value:
jZHLasMwEEV/xWgfS340UYRtcF4QSKEkaSndCWeCTfVwNXJo/76Ki1eF0u0wc7jnToFSq17Ug2/NET4GQB99amWwJIMzwkrsUBipAYVvxKl+PIg0ZkKDlxfpJYn2m5LseL7hnNd1tsrzdbLieZ4tHup8y9OEbZZbEr2Aw86akoTjcIM4wN6gl8aHEUuTWcJmbHFmXCRMpHk8ny/f7ntPErG7QUmuUiGQqEYE5wNpbQ0OGtwJ3K1r4Pl4KEnrfY+CUnm5Yguqj3XXOIv26uPGarpWstP46uQXPdt3CLrYB0qgjsJibOJv7d5ZbxurSLSzroGxtSlbVYxa7j/1yUmDVFNoZRupWoteZIwxeg9Dp5YL+oOuCvr7XdU3
2. URL-encoded form of the above value:
jZHLasMwEEV%2FxWgfS340UYRtcF4QSKEkaSndCWeCTfVwNXJo%2F76Ki1eF0u0wc7jnToFSq17Ug2%2FNET4GQB99amWwJIMzwkrsUBipAYVvxKl%2BPIg0ZkKDlxfpJYn2m5LseL7hnNd1tsrzdbLieZ4tHup8y9OEbZZbEr2Aw86akoTjcIM4wN6gl8aHEUuTWcJmbHFmXCRMpHk8ny%2Ff7ntPErG7QUmuUiGQqEYE5wNpbQ0OGtwJ3K1r4Pl4KEnrfY%2BCUnm5Yguqj3XXOIv26uPGarpWstP46uQXPdt3CLrYB0qgjsJibOJv7d5ZbxurSLSzroGxtSlbVYxa7j%2F1yUmDVFNoZRupWoteZIwxeg9Dp5YL%2BoOuCvr7XdU3
Final result would be added in SAMLRequest HTTP query string as shown below:
**HTTP-POST binding:** The AuthnRequest needs to be Base64 encoded directly and sent in the HTTP POST call.
PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm1ldGFkYXRhIiBJRD0iRjg0RDg4OEFBM0I0NEMxQjg0NDM3NUE0RTgyMTBEOUUiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIxLTEwLTA3VDA4OjEwOjI0LjY2OVoiIElzUGFzc2l2ZT0iZmFsc2UiIEFzc2VydGlvbkNvbnN1bWVyU2VydmljZVVSTD0iaHR0cHM6Ly9hZGZzaGVscC5taWNyb3NvZnQuY29tL0NsYWltc1hyYXkvVG9rZW5SZXNwb25zZSIgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCIgRm9yY2VBdXRobj0iZmFsc2UiPjxJc3N1ZXIgeG
For your reference: https://blog.ardikapras.com/getting-error-on-saml-message-was-not-properly-deflate-encoded-8f65f8fec0de
Similar issue discussed here: https://learn.microsoft.com/en-us/answers/questions/580306/aadsts750056-saml-message-was-not-properly-base64
Hope this helps. Do let us know if you have any further queries.
Thanks,
Navya.
If the answer is helpful, please click "Accept Answer" and kindly upvote it.
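The two encodings described in the answer above, as an added Python example that is not part of the original answer: it builds the SAMLRequest value for each binding and classifies a captured value, which helps pinpoint why an identity provider rejects it as not DEFLATE-encoded. The redirect binding uses raw DEFLATE (RFC 1951, no zlib header); the function names and the sample AuthnRequest are constructed for illustration.

```python
import base64
import zlib
from urllib.parse import quote, unquote

# Constructed sample AuthnRequest (placeholder ID and timestamp, not from the page).
SAMPLE = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          'ID="_constructed-id" Version="2.0" IssueInstant="2021-10-07T08:10:24Z"/>')

def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE -> Base64 -> URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15: no zlib header/trailer
    raw = comp.compress(xml.encode("utf-8")) + comp.flush()
    return quote(base64.b64encode(raw).decode("ascii"), safe="")

def encode_post(xml: str) -> str:
    """HTTP-POST binding: Base64 only, sent as a form field in the body."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def _inflate(blob: bytes, wbits: int):
    """Return the decompressed bytes, or None if the stream is invalid."""
    try:
        return zlib.decompress(blob, wbits)
    except zlib.error:
        return None

def diagnose(param: str) -> str:
    """Classify a SAMLRequest value as captured from the query string."""
    try:
        blob = base64.b64decode(unquote(param), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "not-base64"
    xml = _inflate(blob, -15)
    if xml is not None and xml.lstrip().startswith(b"<"):
        return "raw-deflate"    # what the redirect binding expects
    if _inflate(blob, 15) is not None:
        return "zlib-wrapped"   # compressed, but with a zlib header and checksum
    if blob.lstrip().startswith(b"<"):
        return "base64-only"    # POST-style encoding, never deflated
    return "unknown"

if __name__ == "__main__":
    for label, value in [("redirect", encode_redirect(SAMPLE)),
                         ("post", encode_post(SAMPLE))]:
        print(label, diagnose(value), value[:40] + "...")
```

A result of `zlib-wrapped` or `base64-only` for a value taken from a redirect query string means the application skipped or mis-applied the DEFLATE step.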