Internal SP Using HTTP-Redirect instead of HTTP-POST
Nate Klingenstein
ndk at signet.id
Thu May 23 18:56:05 EDT 2019
Jack,
> In an effort to create a uniform login experience, complete with MFA, our organization has opted to deploy internal SPs.
Grand. I think that was an excellent decision. Regarding your issue...
Assuming it wasn't inserted or modified by you or your email client, I would look more closely at this:
> candidate endpoint location 'https://it-itsmapi.jmu.edu/Shibboleth.sso/SAML2/POST'
> 'https://itsmapi.jmu.edu/Shibboleth.sso/SAML2/POST'
You'll need to fix either your SP configuration or your metadata so the two match.
> It appears the SP is sending requests to HTTP-Redirect on our idp and I can't figure out why. The metadata on both instruct HTTP-POST as the primary protocol:
I'm not sure why you're under that impression. The GET example you show seems to come from a third hostname.
> 2019-05-23 18:26:38|Shibboleth-TRANSACTION.AuthnRequest|||https://it-federation-dev.jmu.edu/idp/shibboleth||||||urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect||||||
Take care,
Nate.
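
An added example, not part of the original message or of the Shibboleth software: a small check that compares the assertion consumer service URL an SP asks for against the endpoints registered in its metadata and reports which URL component differs. The metadata fragment and entityID are constructed, the assignment of the two hostnames from the log line to "metadata" and "request" is an assumption made for illustration, and exact string comparison of the location is assumed.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata fragment (not the poster's real metadata);
# the entityID is a placeholder and the hostname placement is assumed.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.org/shibboleth">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://it-itsmapi.jmu.edu/Shibboleth.sso/SAML2/POST"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def acs_endpoints(metadata_xml):
    """Return (Binding, Location) for every AssertionConsumerService element."""
    root = ET.fromstring(metadata_xml)
    return [(e.get("Binding"), e.get("Location"))
            for e in root.iter(f"{{{MD_NS}}}AssertionConsumerService")]

def check_acs(metadata_xml, requested_url, binding=POST):
    """Return (ok, reasons); reasons name the URL parts that differ per endpoint."""
    req = urlsplit(requested_url)
    reasons = []
    for b, loc in acs_endpoints(metadata_xml):
        if b != binding:
            continue  # only compare endpoints for the binding in question
        if loc == requested_url:
            return True, []
        reg = urlsplit(loc)
        diffs = [part for part in ("scheme", "netloc", "path")
                 if getattr(req, part) != getattr(reg, part)] or ["query/fragment"]
        reasons.append(f"{loc}: differs in {', '.join(diffs)}")
    if not reasons:
        reasons.append(f"no endpoint registered for binding {binding}")
    return False, reasons

if __name__ == "__main__":
    print(check_acs(SAMPLE_METADATA, "https://itsmapi.jmu.edu/Shibboleth.sso/SAML2/POST"))
```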