Internal SP Using HTTP-Redirect instead of HTTP-POST

Nate Klingenstein ndk at
Thu May 23 18:56:05 EDT 2019


> In an effort to create a uniform login experience, complete with MFA, our organization has opted to deploy internal SPs.

Grand.  I think that was an excellent decision.  Regarding your issue...

Assuming it wasn't inserted or modified by you or your email client, I would look more closely at this:

>  candidate endpoint location ''
>  ''

You'll need to fix either your SP configuration or your metadata so the two match.

> It appears the SP is sending requests to HTTP-Redirect on our idp and I cant figure out why. The metadata on both instruct HTTP-POST as the primary protocol:

I'm not sure why you're under that impression.  The GET example you show seems to come from a third hostname.

> 2019-05-23 18:26:38|Shibboleth-TRANSACTION.AuthnRequest|||||||||urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect||||||

Take care,

More information about the users mailing list