
  • Configure POST ProtocolBinding in SAML authentication request

    Hi everyone,

    Spring Security SAML insists on requesting the Artifact binding in the SAML authentication request (ProtocolBinding attribute):

    Code:
    <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     AssertionConsumerServiceURL="http://sp.com/saml/SSO/alias/defaultAlias"
                     Destination="https://idp.com/idp"
                     ForceAuthn="false"
                     ID="a4acj06d42fdc0d3494h859g3f7005c"
                     IsPassive="false"
                     IssueInstant="2012-12-05T17:07:18.271Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
                     Version="2.0"
                     >
    How can I configure POST binding instead? Thanks for any answers!

    -- Andreas
    Last edited by devkat; Dec 21st, 2012, 07:27 AM.

  • #2
    Originally posted by devkat
    Hi everyone,

    Spring Security SAML insists on requesting the Artifact binding in the SAML authentication request (ProtocolBinding attribute):

    Code:
    <saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                     AssertionConsumerServiceURL="http://sp.com/saml/SSO/alias/defaultAlias"
                     Destination="https://idp.com/idp"
                     ForceAuthn="false"
                     ID="a4acj06d42fdc0d3494h859g3f7005c"
                     IsPassive="false"
                     IssueInstant="2012-12-05T17:07:18.271Z"
                     ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
                     Version="2.0"
                     >
    How can I configure POST binding instead? Thanks for any answers!

    -- Andreas

    If you examine your metadata you should see something like the following:

    Code:
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://www.example.com/saml/SSO/alias/cssp" index="0" isDefault="true"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.example.com/saml/SSO/alias/cssp" index="1"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://www.example.com/saml/SSO/alias/cssp" index="2"/>
        <md:AssertionConsumerService xmlns:hoksso="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Binding="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Location="http://www.example.com/saml/HoKSSO/alias/cssp" hoksso:ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" index="3"/>
        <md:AssertionConsumerService xmlns:hoksso="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Binding="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Location="http://www.example.com/saml/HoKSSO/alias/cssp" hoksso:ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="4"/>
    You can set the default index on your WebSSOProfileOptions as follows:

    Code:
          <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
            <property name="includeScoping" value="false"/>
            <property name="assertionConsumerIndex" value="1"/>
          </bean>

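Added example, not part of the original posts and not Spring Security SAML's own code: a small audit script that reads SP metadata, applies the SAML metadata default rule for indexed endpoints (first `isDefault="true"`, else first not marked `false`, else first), and reports which binding a given `assertionConsumerIndex` selects. The function names, the `entityID` and the sample metadata are constructed for illustration; the endpoints mirror the three standard-binding entries quoted in reply #2.

```python
import xml.etree.ElementTree as ET

MD_NS = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed SP metadata, modelled on the three standard-binding endpoints quoted above.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="http://www.example.com/saml/SSO/alias/cssp" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://www.example.com/saml/SSO/alias/cssp" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS"
        Location="http://www.example.com/saml/SSO/alias/cssp" index="2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def acs_endpoints(metadata_xml):
    """Return ACS endpoints in document order; is_default is None when the attribute is absent."""
    root = ET.fromstring(metadata_xml)
    return [
        {"index": int(el.get("index")), "binding": el.get("Binding"),
         "location": el.get("Location"), "is_default": el.get("isDefault")}
        for el in root.iter(MD_NS + "AssertionConsumerService")
    ]


def select_endpoint(endpoints, index=None):
    """Pick the endpoint for an explicit index, or apply the metadata default rule."""
    if index is not None:
        matches = [e for e in endpoints if e["index"] == index]
        if not matches:
            raise ValueError(f"no AssertionConsumerService with index {index}")
        return matches[0]
    for e in endpoints:  # 1) first endpoint explicitly marked as default
        if e["is_default"] in ("true", "1"):
            return e
    for e in endpoints:  # 2) otherwise first endpoint not marked isDefault="false"
        if e["is_default"] not in ("false", "0"):
            return e
    return endpoints[0]  # 3) otherwise simply the first endpoint


def plaintext_locations(endpoints):
    """Indexes of endpoints whose Location is not HTTPS (responses would travel unencrypted)."""
    return [e["index"] for e in endpoints if not e["location"].lower().startswith("https://")]
```

With the sample metadata, the default selection is the Artifact endpoint at index 0, index 1 selects HTTP-POST, and all three endpoints are flagged because their `Location` uses plain `http://`.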


    • #3
      I've tried twice to reply to this and it says the moderators have to approve the reply. If the moderators are not active the forum is essentially useless.



      • #4
        Richard,

        thanks a lot, this worked!

        -- Andreas
