This article describes an issue of SAML authentication failing when extended ASCII in an assertion from the IDP is used by userAttr variable in the User Name Template field.
Problem or Goal
Authentication fails and the Access log shows "Invalid assertion received" if an assertion is received which has extended ASCII for a value and the SAML User Name Template is configured with a userAttr variable like <userAttr.displayname> that references that value.
This issue occurs due to the PCS / PPS only supports basic ASCII characters.
There is currently no solution and extended ASCII should be avoided for names that will be parsed by the User Name Template variable. If extended ASCII support is required, please contact the regional Pulse Secure Sales Engineer to file an enhancement request.