I have implemented a SAML service provider to support single sign-on for the ASP.Net web portal, which is compression software configured on client sites and should be able to interact with any SAML-compatible identity provider.
My Assertion Consumer Service (ACS) page will receive a SAML response using the GET and POST methods.
As I understand the SAML protocol, the SAML Request ProtocolBinding property indicates which protocols are supported for the response. My request is currently specifying an HTTP-Redirect binding. However, I would like to state that I support HTTP-Redirect (GET) and HTTP-POST (POST). After searching through more SAML documentation than I care to recount, I cannot find the syntax for declaring several supported protocol bindings (or whether this is even valid).
Although I could make this declaration customizable, I would prefer to declare both bindings so that the Identity Provider works without further customizing my portal.
Below is a sample of my authentication request. Please, if someone knows a way to declare HTTP-Redirect and HTTP-POST for ProtocolBinding, I would really appreciate your input!
    <?xml version="1.0" encoding="utf-8"?>
    <!-- ProtocolBinding names the binding the IdP should use to return the response -->
    <samlp:AuthnRequest
        xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        ID="[AUTHN_ID]"
        Version="2.0"
        IssueInstant="[ISSUE_INSTANT]"
        ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        ProviderName="[PROVIDER_NAME]"
        AssertionConsumerServiceURL="[ACS_URL]">
      <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">PortalEntityID</saml:Issuer>
      <samlp:NameIDPolicy AllowCreate="true"
          Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" />
    </samlp:AuthnRequest>
Thanks in advance to everyone who can help!
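An ACS endpoint that accepts both GET and POST, as the post describes, has to decode two different encodings: HTTP-Redirect carries base64 of a raw DEFLATE stream in the query string, while HTTP-POST carries plain base64 in a form field. The following is an added example, not part of the original post and written in Python rather than ASP.NET; `decode_saml_message`, `MAX_XML_BYTES` and the sample message are assumptions made for illustration.

```python
import base64
import xml.etree.ElementTree as ET
import zlib

SAMLP_NS = "{urn:oasis:names:tc:SAML:2.0:protocol}"
MAX_XML_BYTES = 256 * 1024  # assumed cap on a decoded message; tune per deployment

def inflate_bounded(raw: bytes, limit: int) -> bytes:
    """Inflate a raw DEFLATE stream (no zlib header), refusing output > limit."""
    inflater = zlib.decompressobj(-15)
    try:
        out = inflater.decompress(raw, limit + 1)
    except zlib.error as exc:
        raise ValueError("not a DEFLATE stream; wrong binding?") from exc
    if len(out) > limit or not inflater.eof:
        raise ValueError("inflated message too large or truncated")
    return out

def decode_saml_message(http_method: str, param: str) -> ET.Element:
    """Decode a SAMLRequest/SAMLResponse parameter (already URL/form-decoded)."""
    if len(param) > 2 * MAX_XML_BYTES:
        raise ValueError("encoded message too large")
    # Some senders line-wrap the base64 in the POST form, so drop whitespace first.
    raw = base64.b64decode("".join(param.split()), validate=True)
    if http_method == "GET":     # HTTP-Redirect: base64(raw DEFLATE(xml))
        xml = inflate_bounded(raw, MAX_XML_BYTES)
    elif http_method == "POST":  # HTTP-POST: base64(xml), no compression
        xml = raw
    else:
        raise ValueError("unsupported HTTP method")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:  # SAML never needs a DTD
        raise ValueError("DTD in SAML message")
    try:
        root = ET.fromstring(xml)
    except ET.ParseError as exc:
        raise ValueError("not well-formed XML; wrong binding?") from exc
    if not root.tag.startswith(SAMLP_NS):
        raise ValueError("root element is not in the samlp namespace")
    return root  # decoded only; nothing has been verified yet

# Constructed sample message and the two encodings, for demonstration only.
SAMPLE = (b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
          b' ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>')

def encode_post(xml: bytes) -> str:
    return base64.b64encode(xml).decode()

def encode_redirect(xml: bytes) -> str:
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    return base64.b64encode(deflater.compress(xml) + deflater.flush()).decode()
```

The returned element is only decoded, not trusted: signature, Destination, InResponseTo and Conditions checks still have to pass before the assertion is used.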