SingleSignOnService Binding HTTP-POST

We are configuring x-pack to integrates with an SSO provider, but unfortunately, this SSO Service exposes only HTTP-POST binding. I saw on X-Pack documentation that it only supports Redirect binding but I would want to know if anyone had this problem and how to solved that.

Our SAML integration only supports HTTP-Redirect to the IdP (it does support HTTP-Post on return from the Idp to Kibana), and I don't think you'll be able to work around that. What IdP do you have that only supports HTTP-Post?

If this is an issue for you, and you have a support or sales contact, then please ask them to raise an Enhancement Request to support HTTP-Post (and include details about the IdP).

Hi Tim!

Thanks for your answer.

The IdP is provided to us by our customer and had developed by themselves.
Only for clarification purposes, is a recommendation (best practice) that the IdP needs to support HTTP-Redirect binding?

Hi Everson,

It is actually more than a recommendation:

Conformance Requirements for theOASIS Security Assertion Markup Language (SAML) V2.0, page 9, all Identity Providers MUST support the HTTP-Redirect binding.

Furthermore, the use of HTTP-Redirect binding is preferred in pretty much all interoperability profiles published, i.e.:

saml2int (now driven by Kantara) in progress version here, current version here

Thanks for your answer!

It was very enlightening.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.