
CoyH_249729
May 17, 2017

SAML IdP not working when SP uses POST method

We have a SAML IdP setup that has been working well for us but I have run into an SP that I am unable to authenticate for. When performing SAML Tracer, I found that all working SPs are using a GET message to the F5. For the new SP, it is using a POST. The behavior for the browser is to authenticate and then nothing. It is just like when you send an invalid SAMLRequest. Has anyone seen this and know what I may be doing wrong? Or is this a limitation of the F5 APM module?

 

WORKING:

 

GET https://idp.domain.com/saml/idp/profile/redirectorpost/sso?SAMLRequest=hZLLTsMwEEX3fEXkfeI4fa.....etc

NOT WORKING:

 

POST https://idp.domain.com/saml/idp/profile/redirectorpost/sso?binding=urn%3aoasis%3anames%3atc%3aSAML%3a2.0%3abindings%3aHTTP-POST&LoginToRp=NAMEID

2 Replies

  • We had a similar issue with POST vs Redirect. We were authenticating users via transparent Kerberos. After authentication, the SAML data was missing from the request when using a POST. A Redirect binding worked fine. You should be able to see the actual AuthNRequest in SAML Tracer or other tool. Does it still exist after authentication to the APM?

     

  • P_K

    Did you configure POST on both sides (IdP & SP)?
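Added example, not part of the thread or any poster's code: a Python check that the AuthnRequest the first reply asks about is actually present in a captured request, decoding it as the HTTP-Redirect binding (raw DEFLATE, then base64, in the query string) or the HTTP-POST binding (base64 only, in the form body). The function name, the size cap, the SP issuer and the sample request are constructed assumptions; only the IdP URL comes from the post.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # assumed cap on decoded request size

def find_authn_request(method, url, body=""):
    """Return (binding, request ID, issuer), or None if no SAMLRequest was sent."""
    query = parse_qs(urlsplit(url).query)
    form = parse_qs(body) if method.upper() == "POST" else {}
    if "SAMLRequest" in form:
        # HTTP-POST binding: form field, base64 only.
        binding, xml = "HTTP-POST", base64.b64decode(form["SAMLRequest"][0])
    elif "SAMLRequest" in query:
        # HTTP-Redirect binding: query parameter, raw DEFLATE then base64.
        raw = base64.b64decode(query["SAMLRequest"][0])
        inflater = zlib.decompressobj(-15)
        xml = inflater.decompress(raw, MAX_XML)
        if inflater.unconsumed_tail:
            raise ValueError("inflated SAMLRequest exceeds size cap")
        binding = "HTTP-Redirect"
    else:
        return None
    if len(xml) > MAX_XML or b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("refusing oversized SAMLRequest or one with a DTD")
    root = ET.fromstring(xml)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise ValueError("SAMLRequest is not an AuthnRequest")
    return binding, root.get("ID"), root.findtext("saml:Issuer", namespaces=NS)

# Constructed sample data (not taken from the thread).
SSO = "https://idp.domain.com/saml/idp/profile/redirectorpost/sso"
SAMPLE = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example1" '
          b'Version="2.0" IssueInstant="2017-05-17T00:00:00Z">'
          b'<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>')
deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
REDIRECT_URL = SSO + "?" + urlencode(
    {"SAMLRequest": base64.b64encode(deflater.compress(SAMPLE) + deflater.flush())})
POST_BODY = urlencode({"SAMLRequest": base64.b64encode(SAMPLE)})

if __name__ == "__main__":
    print(find_authn_request("GET", REDIRECT_URL))
    print(find_authn_request("POST", SSO, POST_BODY))
    print(find_authn_request("POST", SSO + "?LoginToRp=NAMEID"))  # no SAMLRequest
```

A `None` result for the request that reaches the IdP after authentication means the AuthnRequest was lost before that point, which is the condition the first reply describes.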