Have an ADFS server set up for various connections. All SAML configs work while connecting directly to ADFS. We are trying to set up a WAP to secure our network a bit more and to force Forms Based Authentication for external users.
During testing, there is 1 SAML trust that does not work through the WAP, and we came to the conclusion with the vendor that the issue is that, when going through the WAP, the SAML POST adds an extra parameter called "client-request-id", which the SP doesn't accept, and it therefore fails.
They are saying that the fix needs to be applied from the ADFS side, but I am unable to find anything that is public knowledge that will allow this change.
Lastly, they are deploying a code fix in the future that will accept the client-request-id, but at this time there is no ETA. Also, for knowledge, the vendor is Cisco :D, and the issue is with VPN (AnyConnect) through ASA.