POST binding support for authnrequest #523

Closed
ismailaksim opened this issue May 19, 2022 · 4 comments
@ismailaksim

Hello Everyone,

I hope you are doing well,
I want to ask whether there is a way to make my AuthnRequest support POST Binding, or whether it's impossible. I found some posts here about that, but I don't know if you added this functionality or if it's still impossible to do that.

Thank you

@pitbulk
Contributor

pitbulk commented Dec 29, 2022

It is possible to extend the toolkit in order to have POST Binding support for AuthNRequest; in fact, there is already a PR to add such support: #422

But as discussed on this PR and other tickets, I'm not officially adding this feature to the toolkit, as this will add complexity to the toolkit and I want to keep it as easy as possible. But feel free to extend the extension to cover your use cases.

@plufz

plufz commented Oct 20, 2023

First I want to say that I think that this is a great library and it has been a joy to use, clear error messages and easy to grasp documentation. Thank you!

From what I understand the reason you are not implementing this is because OneLogin does not use HTTP POST as you stated in #92. I selected the library because it described itself as a general library "SAML PHP toolkit let you build a SP (Service Provider) over your PHP application and connect it to any IdP (Identity Provider).".

My customer wants to use HTTP POST for their IdP and from what I can see in different issues here, some other people also would really like POST support. I would rather not maintain a fork, especially on a library that is security related, and the existing PR seems to make changes to the standard files. Can HTTP POST be implemented with the current toolkit without forking?

@pitbulk
Contributor

pitbulk commented Oct 20, 2023

@plufz, the real reason can be found here.

The HTTP-Redirect binding is the one that the SAML standard sets as mandatory for AuthRequest, LogoutRequest and LogoutResponse; that way the SAML toolkits support this binding for such messages, and expect SAMLResponses using HTTP-POST, as the standard also mandates.

Which IdP are you using that does not support HTTP-Redirect binding on AuthRequests?
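
The two bindings discussed in this thread differ only in how the same AuthnRequest XML is encoded and transported. The following is an added example, not code from the toolkit or from any participant; the function names, URLs, IDs and RelayState value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample AuthnRequest; the ID and all URLs are placeholders.
$authnRequest = <<<XML
<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_example123" Version="2.0" IssueInstant="2023-10-20T12:00:00Z"
    Destination="https://idp.example.com/sso"
    AssertionConsumerServiceURL="https://sp.example.com/acs">
  <saml:Issuer>https://sp.example.com/metadata</saml:Issuer>
</samlp:AuthnRequest>
XML;

// HTTP-Redirect: raw DEFLATE, then base64, then URL-encoding, sent as a GET query parameter.
// (Hypothetical helper; a signed request would add SigAlg and Signature query parameters.)
function encodeRedirect(string $xml, string $ssoUrl, string $relayState): string
{
    $deflated = gzdeflate($xml);
    if ($deflated === false) {
        throw new RuntimeException('DEFLATE failed');
    }
    return $ssoUrl . '?' . http_build_query([
        'SAMLRequest' => base64_encode($deflated),
        'RelayState'  => $relayState,
    ]);
}

// HTTP-POST: base64 only (no DEFLATE), carried in a hidden field of a form posted to the IdP.
function encodePostForm(string $xml, string $ssoUrl, string $relayState): string
{
    $esc = static fn(string $v): string => htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="' . $esc($ssoUrl) . '">'
        . '<input type="hidden" name="SAMLRequest" value="' . $esc(base64_encode($xml)) . '">'
        . '<input type="hidden" name="RelayState" value="' . $esc($relayState) . '">'
        . '</form>';
}

// Receiver side for HTTP-Redirect: reverse the steps and fail closed on malformed input.
function decodeRedirect(string $samlRequestParam): string
{
    $raw = base64_decode($samlRequestParam, true);
    $xml = $raw === false ? false : @gzinflate($raw);
    if ($xml === false) {
        throw new InvalidArgumentException('Not a valid HTTP-Redirect SAMLRequest');
    }
    return $xml;
}

$url = encodeRedirect($authnRequest, 'https://idp.example.com/sso', '/dashboard');
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
var_dump(decodeRedirect($query['SAMLRequest']) === $authnRequest); // round-trip check
echo $url, PHP_EOL, encodePostForm($authnRequest, 'https://idp.example.com/sso', '/dashboard'), PHP_EOL;
```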

@plufz

plufz commented Oct 20, 2023

@pitbulk That was a very reasonable answer, thank you for the quick and informed reply. My customer does support HTTP-Redirect but they said that they prefer POST. But if HTTP-Redirect is mandatory in the standard I think I can stand my ground in relation to my customer. ;)
