HTTP-Redirect for Assertions Consumer Service #70
Comments
Why do you need HTTP-Redirect for the Assertions Consumer Service endpoint? I don't know any IdP that is not able to send a SAML Response using the HTTP-POST binding. It is not too hard, it requires some changes to response.py, but as you mention this will add more complexity and for me it makes no sense. If you have a project that requires it, you can use another SAML toolkit that supports it, like pysaml2.
The idea is to support many IdPs on my project, and I have encountered one that requires HTTP-Redirect.
You can create a fork with that functionality and I can help you to implement it. You can extend the current OneLogin_Saml2_Response to OneLogin_Saml2_Response_Post and OneLogin_Saml2_Response_Redirect. Keep the common code in OneLogin_Saml2_Response and put the Signature validation in each subclass. (Notice that in the LogoutRequest/LogoutResponse class you already have code to validate Signatures of the HTTP-Redirect binding.) In the process_response of OneLogin_Saml2_Auth you can build one or the other object.
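The signature handling is what differs between the two bindings discussed in this comment: with HTTP-POST the signature is inside the XML, while with HTTP-Redirect it covers the URL-encoded query parameters in a fixed order. The sketch below is an added example, not part of the thread and not python3-saml code; the function names and sample values are assumptions, and the cryptographic verification of `Signature` over the returned octets with the IdP key is left to the crypto library.

```python
import base64
import zlib
from urllib.parse import quote_plus, unquote_plus

# Constructed sample message, not a real IdP response.
CONSTRUCTED_XML = b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="_constructed"/>'
SIG_ALG = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

def raw_query_params(query_string):
    """Split the query but keep every value exactly as received (still URL-encoded)."""
    params = {}
    for pair in query_string.split("&"):
        name, _, value = pair.partition("=")
        if name in params:
            raise ValueError("duplicate parameter: " + name)
        params[name] = value
    return params

def signed_octets(query_string):
    """Bytes covered by the signature: SAMLResponse, RelayState (if sent), SigAlg, in that order."""
    raw = raw_query_params(query_string)
    for required in ("SAMLResponse", "SigAlg", "Signature"):
        if not raw.get(required):
            raise ValueError("missing " + required + ": message is not signed")
    parts = ["SAMLResponse=" + raw["SAMLResponse"]]
    if "RelayState" in raw:
        parts.append("RelayState=" + raw["RelayState"])
    parts.append("SigAlg=" + raw["SigAlg"])
    return "&".join(parts).encode("ascii")

def decode_redirect_message(raw_value, max_size=1 << 20):
    """URL-decode, base64-decode and raw-inflate the message, capping the output size."""
    compressed = base64.b64decode(unquote_plus(raw_value), validate=True)
    inflater = zlib.decompressobj(-15)  # raw DEFLATE, no zlib header
    xml = inflater.decompress(compressed, max_size)
    if inflater.unconsumed_tail:
        raise ValueError("inflated message exceeds size limit")
    return xml

def constructed_query():
    """Build a sample query string with the parameters deliberately out of order."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)
    payload = base64.b64encode(deflater.compress(CONSTRUCTED_XML) + deflater.flush()).decode()
    return "&".join([
        "Signature=" + quote_plus("Y29uc3RydWN0ZWQ="),  # placeholder, not a real signature
        "RelayState=" + quote_plus("/app/home"),
        "SAMLResponse=" + quote_plus(payload),
        "SigAlg=" + quote_plus(SIG_ALG),
    ])
```

The octets are rebuilt from the values as received rather than re-encoded, because a different percent-encoding of the same value changes the signed bytes and makes a valid signature fail.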
Thank you.
I don't know if later we will merge all those changes on the master branch, but I have no problem creating a new branch with all those "rare" behaviors that some of you suggested in the past.
Review #78 (comment)
I understand that HTTP-Redirect is not a supported binding for the Assertions Consumer Service,
Was this just to keep the toolkit simple?
Would this be a welcome feature/PR?
I'm not a SAML2 expert so,
Do you think this would require a big effort?
Thanks