Forum Discussion
SAML IdP not working when SP uses POST method
We have a SAML IdP setup that has been working well for us but I have run into an SP that I am unable to authenticate for. When performing SAML Tracer, I found that all working SPs are using a GET message to the F5. For the new SP, it is using a POST. The behavior for the browser is to authenticate and then nothing. It is just like when you send an invalid SAMLRequest. Has anyone seen this and know what I may be doing wrong? Or is this a limitation of the F5 APM module?
WORKING:
GET https://idp.domain.com/saml/idp/profile/redirectorpost/sso?SAMLRequest=hZLLTsMwEEX3fEXkfeI4fa.....etc
NOT WORKING:
POST https://idp.domain.com/saml/idp/profile/redirectorpost/sso?binding=urn%3aoasis%3anames%3atc%3aSAML%3a2.0%3abindings%3aHTTP-POST&LoginToRp=NAMEID
- schmuck
Nimbostratus
We had a similar issue with POST vs Redirect. We were authenticating users via transparent Kerberos. After authentication, the SAML data was missing from the request when using a POST. A Redirect binding worked fine. You should be able to see the actual AuthNRequest in SAML Tracer or another tool. Does it still exist after authentication to the APM?
- P_K
Altostratus
Did you configure POST on both sides (IdP & SP)?
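Added example, not part of any post in this thread and not F5 code: a Python check that a captured request actually carries an AuthnRequest where its binding puts it (HTTP-Redirect: `SAMLRequest` query parameter, base64 over raw DEFLATE; HTTP-POST: `SAMLRequest` form field in the body, base64 only). The function names, the sample request ID and the SP entity ID are constructed for illustration.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

MAX_XML = 64 * 1024  # cap on inflated size; guards against deflate bombs

def find_authn_request(method, url, body=""):
    """Return (binding, ID, Issuer) of the AuthnRequest in a captured request."""
    query, form = parse_qs(urlsplit(url).query), parse_qs(body)
    if method == "GET" and "SAMLRequest" in query:
        # HTTP-Redirect: query parameter, base64 over raw DEFLATE
        raw = base64.b64decode(query["SAMLRequest"][0])
        xml = zlib.decompressobj(-15).decompress(raw, MAX_XML)
        binding = "HTTP-Redirect"
    elif method == "POST" and "SAMLRequest" in form:
        # HTTP-POST: form field in the body, base64 only, no compression
        xml = base64.b64decode(form["SAMLRequest"][0])
        binding = "HTTP-POST"
    else:
        raise ValueError("no SAMLRequest in the place this method's binding puts it")
    if len(xml) > MAX_XML or b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("refusing oversized or DTD-bearing XML")
    root = ET.fromstring(xml)
    if root.tag != "{urn:oasis:names:tc:SAML:2.0:protocol}AuthnRequest":
        raise ValueError("not an AuthnRequest: " + root.tag)
    issuer = root.findtext("{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    return binding, root.get("ID"), issuer

# Constructed sample; the ID and SP entity ID are made up.
SAMPLE = (b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
          b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed1" '
          b'Version="2.0" IssueInstant="2020-01-01T00:00:00Z">'
          b'<saml:Issuer>https://sp.example.test</saml:Issuer></samlp:AuthnRequest>')
SSO = "https://idp.domain.com/saml/idp/profile/redirectorpost/sso"

def sample_requests():
    """Build the same AuthnRequest as a Redirect URL and as a POST body."""
    c = zlib.compressobj(wbits=-15)
    deflated = c.compress(SAMPLE) + c.flush()
    get_url = SSO + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated)})
    post_body = urlencode({"SAMLRequest": base64.b64encode(SAMPLE)})
    return get_url, post_body

if __name__ == "__main__":
    get_url, post_body = sample_requests()
    print(find_authn_request("GET", get_url))
    print(find_authn_request("POST", SSO, post_body))
```

A POST whose body has no `SAMLRequest` field raises `ValueError`, which separates "the SP never sent an AuthnRequest" from "the IdP rejected one".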