+ Start a Discussion

SAML SSO via HTTP-Redirect

Am doing a test drive for SAML SSO from OpenAM to SF.com.



SP: https://saml.salesforce.com


I created a sub-domain for my account and enabled SAML for SSO. When I enter my subdomain URL, I am redirected to my IDP's login page with a SAML Authentication Request via HTTP-POST binding. How can we configure SF.com to send this SAML Authentication request via HTTP-Redirect binding? Is it supported? If so, how do i configure this?


I have an account in the Developer Edition.




When you export your metadata you should see the following tag:


   <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="test.salesforce.com?saml=..."


The above binding can be "..HTTP-Redirect", which I believe instructs the IDP to send the protocol messages as URL parameters, as opposed to the POST associated (BASE64) body content.  Check out the 'bindings' document here: