+ Start a Discussion
sg99sg99 

SAML SSO via HTTP-Redirect

Am doing a test drive for SAML SSO from OpenAM to SF.com.

 

IDP: OpenAM

SP: https://saml.salesforce.com

 

I created a sub-domain for my account and enabled SAML for SSO. When I enter my subdomain URL, I am redirected to my IDP's login page with a SAML Authentication Request via HTTP-POST binding. How can we configure SF.com to send this SAML Authentication request via HTTP-Redirect binding? Is it supported? If so, how do i configure this?

 

I have an account in the Developer Edition.

 

Thanks
 

CrocketCrocket

When you export your metadata you should see the following tag:

 

   <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="test.salesforce.com?saml=..."

 

The above binding can be "..HTTP-Redirect", which I believe instructs the IDP to send the protocol messages as URL parameters, as opposed to the POST associated (BASE64) body content.  Check out the 'bindings' document here:

 

 h**p://docs.oasis-open.org/security/saml/v2.0/