It is not possible to disable signed on HTTP-POST, I've found some 
difficulties to make it on pac4j library (
https://issues.jenkins-ci.org/browse/JENKINS-47966), there is a workaround 
the IIRC works that it is to modify the JENKINS_HOME/saml-sp-metadata.xml 
file manually to disable it, you have to edit the SPSSODescriptor section 
to something like this "<md:SPSSODescriptor AuthnRequestsSigned="false" 
urn:oasis:names:tc:SAML:1.1:protocol">", the inconvenience of that it is 
that every time you modify the security configuration this file would 
change and you will lose your changes.


   - Disable Signature Redirect Binding Auth Request - Disable signature of 
   the Redirect Binding Auth Request 
   (urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect), It is not possible to 
   disable the signature in HTTP-POST binding.

You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to