authN POST question

Mike Flynn shibbolethlynda at
Thu May 12 12:00:36 EDT 2016

<?xml version="1.0" encoding="UTF-8" ?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:KeyDescriptor use="signing">
            <ds:KeyInfo xmlns:ds="">
                <ds:X509Data>
                    <ds:X509Certificate>a cert goes here</ds:X509Certificate>
                </ds:X509Data>
            </ds:KeyInfo>
        </md:KeyDescriptor>
        <md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location=""/>
        <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location=""/>
    </md:IDPSSODescriptor>
</md:EntityDescriptor>
This was the first metadata they gave me and when that failed they sent it again sans the redirect stanza.  My version of Shib is too old and does not use the SSO tag. 

    On Thursday, May 12, 2016 8:55 AM, "Cantor, Scott" <cantor.2 at> wrote:

> They require the authN to be signed and sent as POST, not GET.  But even
> with just that one end point, Shib is still sending it as GET:

Can't be the only endpoint in their metadata then, there's no other place it can get the information.

> Is there a way to force this one entity to send as POST instead of GET?

Fix the metadata or set the outgoingBindings property in the SSO element.

-- Scott
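
Since the reply above says the metadata is the only place the SP can get the binding from, a quick check is to list which SingleSignOnService bindings the metadata file the SP actually loads still advertises. This is an added example, not part of the thread; the function names are hypothetical, and the entityID and Location values in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample modelled on the metadata in the message above; the
# entityID and Location values are placeholders, not values from the thread.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/sso/post"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/sso/redirect"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def sso_bindings(metadata_xml):
    """Return {entityID: [Binding, ...]} for every IdP role in the metadata."""
    # Intended for metadata files you already hold locally; for XML from an
    # untrusted source, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(metadata_xml)
    path = f"{{{MD}}}IDPSSODescriptor/{{{MD}}}SingleSignOnService"
    result = {}
    # iter() also matches the root element, so a single EntityDescriptor and
    # an EntitiesDescriptor aggregate are both handled.
    for entity in root.iter(f"{{{MD}}}EntityDescriptor"):
        bindings = [e.get("Binding") for e in entity.findall(path)]
        if bindings:
            result[entity.get("entityID")] = bindings
    return result


def non_post_endpoints(metadata_xml, entity_id):
    """Bindings other than HTTP-POST still advertised for this IdP."""
    found = sso_bindings(metadata_xml).get(entity_id, [])
    return [b for b in found if b != POST]


if __name__ == "__main__":
    for eid, bindings in sso_bindings(SAMPLE).items():
        extra = non_post_endpoints(SAMPLE, eid)
        print(eid, "POST-only" if not extra else f"also advertises: {extra}")
```

An empty result from `non_post_endpoints` means HTTP-POST is the only binding the loaded metadata offers for that entity.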
