Hi, It is not possible to disable signed on HTTP-POST, I've found some difficulties to make it on pac4j library ( https://issues.jenkins-ci.org/browse/JENKINS-47966), there is a workaround the IIRC works that it is to modify the JENKINS_HOME/saml-sp-metadata.xml file manually to disable it, you have to edit the SPSSODescriptor section to something like this "<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">", the inconvenience of that it is that every time you modify the security configuration this file would change and you will lose your changes.
https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md - Disable Signature Redirect Binding Auth Request - Disable signature of the Redirect Binding Auth Request (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect), It is not possible to disable the signature in HTTP-POST binding. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/8ca7b6e4-5867-42d2-b4f0-415a434f300e%40googlegroups.com.
