Configure POST ProtocolBinding in SAML authentication request

**devkat** · Dec 5th, 2012, 11:19 AM

Hi everyone,

Spring Security SAML insists on requesting the Artifact binding in the SAML authentication request (ProtocolBinding attribute):

Code:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 AssertionConsumerServiceURL="http://sp.com/saml/SSO/alias/defaultAlias"
                 Destination="https://idp.com/idp"
                 ForceAuthn="false"
                 ID="a4acj06d42fdc0d3494h859g3f7005c"
                 IsPassive="false"
                 IssueInstant="2012-12-05T17:07:18.271Z"
                 ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
                 Version="2.0"
                 >

How can I configure POST binding instead? Thanks for any answers!

-- Andreas

**richardl** · Dec 5th, 2012, 03:48 PM

Originally Posted by devkat

Hi everyone,

Spring Security SAML insists on requesting the Artifact binding in the SAML authentication request (ProtocolBinding attribute):

Code:

<saml2p:AuthnRequest xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
                 AssertionConsumerServiceURL="http://sp.com/saml/SSO/alias/defaultAlias"
                 Destination="https://idp.com/idp"
                 ForceAuthn="false"
                 ID="a4acj06d42fdc0d3494h859g3f7005c"
                 IsPassive="false"
                 IssueInstant="2012-12-05T17:07:18.271Z"
                 ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
                 Version="2.0"
                 >

How can I configure POST binding instead? Thanks for any answers!

-- Andreas

If you examine your metadata you should see something like the following:

Code:

    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="http://www.example.com/saml/SSO/alias/cssp" index="0" isDefault="true"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.example.com/saml/SSO/alias/cssp" index="1"/>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" Location="http://www.example.com/saml/SSO/alias/cssp" index="2"/>
    <md:AssertionConsumerService xmlns:hoksso="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Binding="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Location="http://www.example.com/saml/HoKSSO/alias/cssp" hoksso:ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" index="3"/>
    <md:AssertionConsumerService xmlns:hoksso="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Binding="urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser" Location="http://www.example.com/saml/HoKSSO/alias/cssp" hoksso:ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" index="4"/>

You can set the default index on your WebSSOProfileOptions as follows:

Code:

      <bean class="org.springframework.security.saml.websso.WebSSOProfileOptions">
        <property name="includeScoping" value="false"/>
        <property name="assertionConsumerIndex" value="1"/>
      </bean>

**richardl** · Dec 6th, 2012, 11:48 AM

I've tried twice to reply to this and it says the moderators have to approve the reply. If the moderators are not active the forum is essentially useless.

**devkat** · Dec 21st, 2012, 07:27 AM

Richard,

thanks a lot, this worked!

-- Andreas

Thread: Configure POST ProtocolBinding in SAML authentication request

Thread Tools

Display

[Solved] Configure POST ProtocolBinding in SAML authentication request

Tags for this Thread

Posting Permissions