Hi all

An SP-protected site is changing its URL (it had .srv in the URL, and this
is going when it changes to a different reverse proxy), so I edited the
shibboleth2.xml on said server, and the SP metadata file on the IdP end. I left
the entityID alone in shibboleth2.xml on the SP, to avoid having to change
too much on the IdP side (I just edited all the https paths in the

It now works fine on http, if I point my hosts file to the test server. The
server does not have our external wildcard https certificate on it - it
hasn't a clue that Sophos UTM (our reverse proxy) is doing this.

UTM (v9), which has been set up to receive traffic from that URL to the same
server running the SP, causes an error when I've logged into Shibboleth

opensaml::BindingException at (
Invalid HTTP method (GET).

I suspect UTM is playing silly buggers with the request, as when I don't go
via it, it works. We have emailed details to the company who installed it.

Equally, why is it mentioning http:// in the above error when it should be
using https from the outside world? It not knowing about the reverse proxy
may be involved.

Any advice on how to keep all traffic HTTPS appreciated (extra detail, it's
an IIS set and I've only set shibd to listen to the Default web site, as
this is the one that UTM points to from the outside world).

