Is it possible to configure the Maximum SAML assertion length for firewall parsing?

Created On 06/22/23 14:10 PM - Last Modified 03/16/26 21:53 PM


Question


Is it possible for the firewall to increase the maximum length of a SAML assertion that it will accept from the IdP server?



Environment


  • Next-Gen Firewalls
  • SAML Authentication


Answer


  1. No. There is no option to increase the maximum length of a SAML assertion that the firewall can parse.
  2. The adjustment has to be made on the IdP side so that the SAML response it sends is not too long (typically by reducing the attributes or group memberships the IdP includes in the assertion).
  3. A SAML response that is too long causes parsing errors and therefore authentication failures, as in the authd.log excerpt below: the SSO response arrives with a body length of 40120 bytes, the payload is then rejected as not base64-decodable, and the assertion is reported as malformed.
less mp-log authd.log

-0400 Client 'X.X.X.X' redirected to 'https://www.xxx.com/saml/sps/saml20ip/saml20/login' for authentication profile 'SAML'
-0400 debug: pan_auth_request_process(pan_auth_state_engine.c:3460): Receive request: msg type PAN_AUTH_REQ_SAML_PARSE_SSO_RESPONSE, conv id 1788, body length 40120
-0400 debug: _log_saml_input(pan_auth_state_engine.c:2917): Trying to handle SAML/CAS message: <profile: "SAML", vsys: "vsys3", authd_id: 7239715891976343218 fqdn: "captive-portal.xxx.com:6082" remotehost: "X.X.X.X" debug mode = 0, more data size 37664>; timeout setting: 180 secs
-0400 Authd in enum phase 4
-0400 Error: _get_saml_info(pan_authd_saml.c:589): Failed to find cert for in vsys 0
-0400 Error: _get_payload(pan_authd_saml_internal.c:1056): The received payload can't be b64 decoded. It is saved in /opt/pancfg/mgmt/global/authd/SAML_received_payload
-0400 SAML Assertion from 'https://www.xxx.com/saml/sps/saml20ip/saml20' is malformed
-0400 Error: _handle_request(pan_authd_saml.c:2203): occurs in _parse_sso_response()
-0400 SAML SSO authentication failed for user ''. Reason: SAML web single-sign-on failed. auth profile 'SAML', vsys 'vsys3', server profile 'Saml-Meta', IdP entityID 'https://www.xxx.com/saml/sps/saml20ip/saml20', reply message 'SAML single-sign-on failed' From: X.X.X.X.
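Since the fix has to happen on the IdP side, the practical question is which part of the response is bloating it. The script below is an added example, not part of this article or of PAN-OS: it decodes a SAMLResponse and reports the serialized size of each attribute (a long group list is the usual culprit), and it scans authd.log text for the "body length" values of PAN_AUTH_REQ_SAML_PARSE_SSO_RESPONSE requests so an oversized response can be correlated with the decode/malformed errors that follow. The sample response and the log excerpt are constructed inline in the shape of the entries above; the 30000-byte threshold in the usage is an arbitrary comparison point, because the article does not state the exact limit.

```python
import base64
import re
import xml.etree.ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
ET.register_namespace("samlp", SAMLP)
ET.register_namespace("saml", SAML)


def build_sample_response(n_groups: int = 300) -> str:
    """Constructed sample (not a real IdP capture): an unsigned SAML 2.0 Response
    with one assertion, a small 'email' attribute and a 'groups' attribute carrying
    n_groups distinguished names. Returned base64-encoded, as it would arrive in
    the SAMLResponse form field."""
    groups = "".join(
        f"<saml:AttributeValue>CN=Group-{i:04d},OU=Teams,DC=example,DC=com</saml:AttributeValue>"
        for i in range(n_groups)
    )
    xml = (
        f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" ID="_r1" Version="2.0">'
        "<saml:Issuer>https://idp.example.com/saml</saml:Issuer>"
        '<saml:Assertion ID="_a1" Version="2.0">'
        "<saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>"
        "<saml:AttributeStatement>"
        '<saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>'
        f'<saml:Attribute Name="groups">{groups}</saml:Attribute>'
        "</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )
    return base64.b64encode(xml.encode()).decode()


def attribute_size_report(b64_response: str) -> dict:
    """Decode a SAMLResponse and measure where its bytes go: encoded and decoded
    size, plus per attribute the value count and serialized size, largest first,
    so the IdP admin knows which claim to trim."""
    raw = base64.b64decode(b64_response, validate=True)
    root = ET.fromstring(raw)
    attrs = []
    for attr in root.iter(f"{{{SAML}}}Attribute"):
        values = attr.findall(f"{{{SAML}}}AttributeValue")
        attrs.append({
            "name": attr.get("Name"),
            "values": len(values),
            "bytes": len(ET.tostring(attr)),
        })
    attrs.sort(key=lambda a: a["bytes"], reverse=True)
    return {"encoded_bytes": len(b64_response), "decoded_bytes": len(raw), "attributes": attrs}


# Matches the "Receive request" entry and the decode/malformed errors shown in the article.
LOG_RE = re.compile(r"msg type PAN_AUTH_REQ_SAML_PARSE_SSO_RESPONSE, conv id (\d+), body length (\d+)")
FAIL_RE = re.compile(r"can't be b64 decoded|is malformed")


def scan_authd_log(log_text: str, threshold: int) -> dict:
    """Return every SSO-response request (conv id, body length) found in authd.log
    text, the ones above `threshold`, and whether a decode/malformed error appears."""
    sizes = [(int(c), int(n)) for c, n in LOG_RE.findall(log_text)]
    return {
        "requests": sizes,
        "oversized": [(c, n) for c, n in sizes if n > threshold],
        "parse_failure_seen": bool(FAIL_RE.search(log_text)),
    }


# Constructed excerpt in the same shape as the mp-log entries above (conv id 1789 is invented).
SAMPLE_AUTHD_LOG = """\
-0400 debug: pan_auth_request_process(pan_auth_state_engine.c:3460): Receive request: msg type PAN_AUTH_REQ_SAML_PARSE_SSO_RESPONSE, conv id 1788, body length 40120
-0400 Error: _get_payload(pan_authd_saml_internal.c:1056): The received payload can't be b64 decoded. It is saved in /opt/pancfg/mgmt/global/authd/SAML_received_payload
-0400 SAML Assertion from 'https://www.xxx.com/saml/sps/saml20ip/saml20' is malformed
-0400 debug: pan_auth_request_process(pan_auth_state_engine.c:3460): Receive request: msg type PAN_AUTH_REQ_SAML_PARSE_SSO_RESPONSE, conv id 1789, body length 5120
"""

if __name__ == "__main__":
    report = attribute_size_report(build_sample_response())
    print(f"decoded {report['decoded_bytes']} bytes ({report['encoded_bytes']} base64 chars)")
    for a in report["attributes"]:
        print(f"  {a['name']:<8} {a['values']:>4} values {a['bytes']:>7} bytes")
    # 30000 is an assumed comparison point only; the article gives no exact limit.
    print(scan_authd_log(SAMPLE_AUTHD_LOG, threshold=30000))
```

If the firewall has already saved the rejected payload (the log names /opt/pancfg/mgmt/global/authd/SAML_received_payload), the same report can be run on that file's contents instead of the constructed sample; a 'groups' attribute dominating the byte count is the signal to filter group claims at the IdP.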


    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000bq8gCAA&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail