Hi,

It is not possible to disable signing on HTTP-POST; I've found some difficulties making that work in the pac4j library (https://issues.jenkins-ci.org/browse/JENKINS-47966). There is a workaround that IIRC works, which is to modify the JENKINS_HOME/saml-sp-metadata.xml file manually to disable it. You have to edit the SPSSODescriptor section to something like this:

<md:SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.0:protocol urn:oasis:names:tc:SAML:1.1:protocol">

The inconvenience of that is that every time you modify the security configuration this file will change and you will lose your changes.

https://github.com/jenkinsci/saml-plugin/blob/master/doc/CONFIGURE.md - Disable Signature Redirect Binding Auth Request - Disable signature of the Redirect Binding Auth Request (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect), It is not possible to disable the signature in HTTP-POST binding.
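
Because the metadata file is rewritten whenever the security configuration is saved, the manual edit described above has to be checked and re-applied. The following is an added example, not part of the original message or of the SAML plugin: it reads the two signing attributes of the SPSSODescriptor and re-applies the edit idempotently, refusing to touch a file where assertion signing is not required. The function names, the sample document and its example.invalid URLs are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)  # keep the md: prefix when writing back
ET.register_namespace("ds", "http://www.w3.org/2000/09/xmldsig#")

# Constructed sample, trimmed to the element the message talks about.
SAMPLE = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://jenkins.example.invalid/">'
    '<md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<md:AssertionConsumerService index="0" '
    'Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
    'Location="https://jenkins.example.invalid/acs"/>'
    '</md:SPSSODescriptor></md:EntityDescriptor>'
)

def _sp_descriptor(root):
    sp = next(root.iter(f"{{{MD_NS}}}SPSSODescriptor"), None)
    if sp is None:
        raise ValueError("no SPSSODescriptor element in metadata")
    return sp

def signing_flags(xml_text):
    """Return the two signing attributes so drift can be detected."""
    sp = _sp_descriptor(ET.fromstring(xml_text))
    return {k: sp.get(k) for k in ("AuthnRequestsSigned", "WantAssertionsSigned")}

def apply_workaround(xml_text):
    """Set AuthnRequestsSigned="false"; return (new_xml, changed)."""
    root = ET.fromstring(xml_text)
    sp = _sp_descriptor(root)
    # The workaround only relaxes request signing. Assertions from the IdP
    # must still be signed, so stop if that requirement is missing.
    if sp.get("WantAssertionsSigned") != "true":
        raise ValueError("WantAssertionsSigned is not 'true'; refusing to edit")
    changed = sp.get("AuthnRequestsSigned") != "false"
    sp.set("AuthnRequestsSigned", "false")
    return ET.tostring(root, encoding="unicode"), changed

if __name__ == "__main__":
    path = sys.argv[1]  # e.g. $JENKINS_HOME/saml-sp-metadata.xml
    with open(path, encoding="utf-8") as fh:
        new_xml, changed = apply_workaround(fh.read())
    if changed:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(new_xml)
    print("re-applied" if changed else "already in place")
```
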