Rocco_STACK

Reputation: 16

Signification of Identity provider Binding

I am implementing SSO using an external Identity provider to which I do not have access yet.

The IDP metadata IDPSSODescriptor has one SingleSignOnService tag with a binding value of: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST

Does this imply that I cannot initiate an authentication request to the SingleSignOnService location with a GET request or that the service will respond with a POST request?

Upvotes: 0

Views: 406

Answers (1)

Andrew K.

Reputation: 3351

It means that the protocol endpoints that you will interact with expect POST interaction from the client (typically a browser). This is required these days for sending the assertion from the IdP to SP, but Redirect is usually acceptable in the case of the SP sending an AuthnRequest to the IdP.

Upvotes: 1
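The following is an added example, not part of the question or the answer above: a service provider reads the SingleSignOnService bindings from IdP metadata and encodes its AuthnRequest only for a binding the IdP advertises. The metadata, the AuthnRequest, the host names and the function names are constructed for illustration, and the metadata is assumed to come from a trusted, verified source.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed samples; idp.example.test and sp.example.test are placeholders.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.test">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.test/sso"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs"/>'
)

def sso_endpoints(metadata_xml):
    """Map each advertised SingleSignOnService binding URI to its Location."""
    # Assumes the metadata was obtained and verified out of band (trusted input).
    root = ET.fromstring(metadata_xml)
    path = f".//{{{MD}}}IDPSSODescriptor/{{{MD}}}SingleSignOnService"
    return {e.get("Binding"): e.get("Location") for e in root.iterfind(path)}

def build_request(metadata_xml, authn_request_xml, relay_state=None):
    """Return (method, url, form_fields) using only a binding the IdP advertises."""
    endpoints = sso_endpoints(metadata_xml)
    raw = authn_request_xml.encode("utf-8")
    extra = {"RelayState": relay_state} if relay_state else {}
    if REDIRECT in endpoints:
        # HTTP-Redirect: raw DEFLATE, then base64, sent as GET query parameters.
        comp = zlib.compressobj(zlib.Z_DEFAULT_COMPRESSION, zlib.DEFLATED, -15)
        deflated = comp.compress(raw) + comp.flush()
        query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(), **extra})
        location = endpoints[REDIRECT]
        return "GET", location + ("&" if "?" in location else "?") + query, None
    if POST in endpoints:
        # HTTP-POST: base64 only (no DEFLATE), sent as fields of an auto-submitted form.
        fields = {"SAMLRequest": base64.b64encode(raw).decode(), **extra}
        return "POST", endpoints[POST], fields
    raise ValueError("IdP advertises no supported SingleSignOnService binding")
```

With metadata like the question's, where HTTP-POST is the only binding listed, `build_request` returns a POST to the SingleSignOnService location and never falls back to a GET.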
