I have integrated an external SAML 2.0 Identity Provider into my CAS 5.1.0 Server. Everything works fine if the IdP supports HTTP-Redirect binding for the SingleSignOnService. However, if the IdP supports only HTTP-Post Binding, the configuration of the SAML2 Client will fail with the exception:
Identity provider has no single sign on service available for the selected profileorg.opensaml.saml.saml2.metadata.impl.IDPSSODescriptorImpl The reason for this is the Pac4jAuthenticationEventExecutionPlanConfiguration.configureSamlClient() where the destination binding type in the configuration object is hardcoded as (although the default member variable in the SAML2ClientConfiguration holding the binding type is set to SAMLConstants.SAML2_POST_BINDING_URI): cfg.setDestinationBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI); I have two questions about this: 1.) What is the reason of limiting the destination binding type to HTTP-Redirect when pac4j obviously supports both the HTTP-Post and the HTTP-Redirect? 2.) Is there any way to circumvent this? Thank you very much, Filip -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/f5ace5c7-3c32-4977-9e5e-c669ff995224%40apereo.org.
