I have an issue

I connected the SP and IdP, and all is OK except one thing: the SP sends a GET request to the IdP, and the IdP demands that data be sent using the POST protocol.

This is the SP:

'spname' => array(
  'saml:SP',
  'ProtocolBinding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
  'idp' => 'https://someurl.com/SomeSSO.aspx',
  'acs.Bindings' => array(
   'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
   'urn:oasis:names:tc:SAML:1.0:profiles:browser-post',
  ),
  'discoURL' => NULL,
  'privatekey' => 'some.pem',
  'certificate' => 'some.crt'
 ),

And this is the remote IdP:

$metadata['https://something.com/SomeSSO.aspx'] = array(
 'name' => array(
  'en' => 'Something',
  'no' => 'Something',
 ),
 'description'          => 'Something',
 'SingleSignOnService'  => 'https://xxxxxx.com/SomeSSO.aspx?ou_id=-850',
 'SingleLogoutService'  => 'https://xxxxxx.com/SomeSSO.aspx?ou_id=-850',
 'certFingerprint'      => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
);

Can someone help me?

2 Answers

You've stated your issue, but no actual question.

If your desire is for the IdP to use GET as well, I believe you need to change the HTTP-POST to HTTP-GET in the protocol binding attribute.

A Boy Named Su

To configure SimpleSAMLphp to use HTTP POST instead of GET, you will need to modify your remote IdP configuration to explicitly specify an HTTP POST binding. Something like this should work:

$metadata['https://something.com/SomeSSO.aspx'] = array(
    'name' => array(
        'en' => 'Something',
        'no' => 'Something',
    ),
    'description'           => 'Something',
    'SingleSignOnService'   => array (
        array (
            'Binding'   => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location'  => 'https://xxxxxx.com/SomeSSO.aspx?ou_id=-850',
        ),
    ),
    'SingleLogoutService'   => array (
        array (
            'Binding'   => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
            'Location'  => 'https://xxxxxx.com/SomeSSO.aspx?ou_id=-850',
        ),
    ),
    'certFingerprint'       => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
);

SimpleSAMLphp includes a metadata parser which does the work of converting the IdP configuration details to the required format for SimpleSAMLphp. This functionality is mentioned briefly in the SimpleSAMLphp documentation here: https://simplesamlphp.org/docs/1.8/simplesamlphp-sp#section_2.

If your remote IdP supplies their metadata in XML format, consider using the metadata parser to generate your remote IdP configuration as the metadata parser will automatically generate the correct bindings for your remote IdP endpoints.

Glenn Bolton
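
The binding extraction that the answer above attributes to the metadata parser, sketched as an added example (not code from the answer or from SimpleSAMLphp). The function names, the sample XML and the idp.example.org host are constructed for illustration.

```php
<?php
// Added example, not SimpleSAMLphp's own metadata parser; names are hypothetical.
const MD_NS = 'urn:oasis:names:tc:SAML:2.0:metadata';
const HTTP_POST = 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST';
// Collect every endpoint of one type together with its explicit Binding.
function idpEndpoints(DOMXPath $xp, string $type): array
{
    $out = [];
    foreach ($xp->query("/md:EntityDescriptor/md:IDPSSODescriptor/md:$type") as $el) {
        $out[] = ['Binding' => $el->getAttribute('Binding'), 'Location' => $el->getAttribute('Location')];
    }
    return $out;
}
function idpMetadataToArray(string $xml): array
{
    $doc = new DOMDocument();
    // LIBXML_NONET: no network fetches for DTDs or entities while parsing.
    if (!@$doc->loadXML($xml, LIBXML_NONET)) {
        throw new RuntimeException('IdP metadata is not well-formed XML');
    }
    $xp = new DOMXPath($doc);
    $xp->registerNamespace('md', MD_NS);
    $entityId = $xp->evaluate('string(/md:EntityDescriptor/@entityID)');
    if ($entityId === '') {
        throw new RuntimeException('no EntityDescriptor/@entityID found');
    }
    $md = [];
    foreach (['SingleSignOnService', 'SingleLogoutService'] as $type) {
        $md[$type] = idpEndpoints($xp, $type);
        // The IdP in the question only accepts POST, so flag types that lack it.
        if (!in_array(HTTP_POST, array_column($md[$type], 'Binding'), true)) {
            error_log("warning: $type has no HTTP-POST endpoint");
        }
    }
    return [$entityId => $md];
}
// Constructed sample metadata; idp.example.org is a placeholder host.
$xml = <<<'XML'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.org/SomeSSO.aspx">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.org/SomeSSO.aspx"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.org/SomeSSO.aspx"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
XML;
foreach (idpMetadataToArray($xml) as $entityId => $md) {
    echo '$metadata[' . var_export($entityId, true) . '] = ' . var_export($md, true) . ";\n";
}
```

This sketch does not verify a metadata signature, so only feed it metadata obtained from the IdP over a trusted channel.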