Hi @Tanlee2014
This is a known SAML compression / deflate issue, not an Azure or SSL problem.
By default, SuiteCRM sends AuthnRequest using DEFLATE compression, but Azure AD is very strict. If anything in the chain (PHP, web server, or cert formatting) is off, Azure throws a deflate / decoding error.
Proposed Fix:
Disable SAML request compression.
In your .env.local change:
SAML_COMPRESS_REQUEST=false
Then clear cache again:
bash command: php ./bin/console cache:clear
Restart your web server (Apache or Nginx).
Important points:
Certificate formatting
Your SAML_IDP_X509CERT must not contain:
-
-----BEGIN CERTIFICATE-----
-
-----END CERTIFICATE-----
-
Any line breaks
It should be “one single line”, like:
SAML_IDP_X509CERT='MIIDxTCCAq2gAwIBAgIQ...'
Web server compression
If you are using Apache, make sure mod_deflate is enabled:
If using Nginx, ensure gzip is not interfering:
PHP extensions
Make sure PHP has:
php -m | grep zlib
If not:
sudo apt install php-zlib
Most common causes of the issues, according to our experience:
Azure expects a properly DEFLATE-encoded SAML Request, If:
-
Compression is malformed
-
Certificate formatting is wrong
-
zlib is missing
Azure fails during decoding and throws the deflate error.
If the issue persist then please share the following:
-
Share your Azure SAML configuration
-
Share your SuiteCRM config