Shibboleth SP3 is not doing POST

Mak, Steve makst at
Thu Mar 26 08:07:05 EDT 2020

Add this to your <SSO> element:  outgoingBindings="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

This assumes that the IdP metadata you have has an HTTP-POST SSO Service.

From: users <users-bounces at> on behalf of uraikwar <umesh.raikwar at>
Reply-To: Shib Users <users at>
Date: Thursday, March 26, 2020 at 05:57
To: "users at" <users at>
Subject: Shibboleth SP3 is not doing POST

We have an SP initiated SSO setup for our product which combines Shibboleth SP3 and PingFed IDP. Everything works fine. We are using Shibboleth v3.0.2. Now there is a change in requirement, we need to a show massage to User before redirecting to IPD login page and after successful authentication before redirecting to originating product URL. As per Shibboleth SP3 documentation at It seems that customizing bindingTemplate.html and postTemplate.html can solve my problem. However, it needed to change SAML artifact binding to use POST rather than a redirect. As per documentation found at, postArtifact="true" can change the behaviour. However, doing these changes in shibboleth2.xml, there is no change in behaviour. Still, SP is doing a redirect to IDP and bindingTemplate.html & postTemplate.html not coming in picture. This is my shibboleth2.xml-

<SPConfig xmlns="urn:mace:shibboleth:3.0:native:sp:config"



    <OutOfProcess tranLogFormat="%u|%s|%IDP|%i|%ac|%t|%attr|%n|%b|%E|%S|%SS|%L|%UA|%a" />

    <ApplicationDefaults entityID="PLM-QA-TYPE"

        REMOTE_USER="uid eppn subject-id pairwise-id persistent-id"


        <Sessions lifetime="28800" timeout="3600" relayState="ss:mem"

                  checkAddress="false" handlerSSL="false" cookieProps="http" postTemplate="postTemplate.html">

                       <SSO entityID="" postArtifact="true" template="bindingTemplate.html"

                 discoveryProtocol="SAMLDS" discoveryURL="" >



            <Logout>SAML2 Local</Logout>

            <LogoutInitiator type="Admin" Location="/Logout/Admin" acl=" ::1" />

            <Handler type="MetadataGenerator" Location="/Metadata" signing="false"/>

            <Handler type="Status" Location="/Status" acl=" ::1"/>

            <Handler type="Session" Location="/Session" showAttributeValues="false"/>

            <Handler type="DiscoveryFeed" Location="/DiscoFeed"/>


        <Errors supportContact="root at localhost"



               <MetadataProvider type="XML" validate="true" path="idp-metadata.xml"/>

        <AttributeExtractor type="XML" validate="true" reloadChanges="false" path="attribute-map.xml"/>

        <AttributeFilter type="XML" validate="true" path="attribute-policy.xml"/>

        <CredentialResolver type="File" use="signing"

            key="sp-signing-key.pem" certificate="sp-signing-cert.pem"/>

        <CredentialResolver type="File" use="encryption"

            key="sp-encrypt-key.pem" certificate="sp-encrypt-cert.pem"/>


    <SecurityPolicyProvider type="XML" validate="true" path="security-policy.xml"/>

    <ProtocolProvider type="XML" validate="true" reloadChanges="false" path="protocols.xml"/>

Here, I added postTemplate="postTemplate.html" and postArtifact="true" template="bindingTemplate.html" over existing configuration. Can someone help me to identify, what wrong I am doing? Thanks in advance.
Sent from the Shibboleth - Users mailing list archive<> at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list