function readOnly(count){ }
Sign Up ›
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
Learn More

Browse by Topic
ShowAll Questionssorted byDate Posted
+ Start a Discussion
sg99sg99 

SAML SSO via HTTP-Redirect

Am doing a test drive for SAML SSO from OpenAM to SF.com.

 

IDP: OpenAM

SP: https://saml.salesforce.com

 

I created a sub-domain for my account and enabled SAML for SSO. When I enter my subdomain URL, I am redirected to my IDP's login page with a SAML Authentication Request via HTTP-POST binding. How can we configure SF.com to send this SAML Authentication request via HTTP-Redirect binding? Is it supported? If so, how do i configure this?

 

I have an account in the Developer Edition.

 

Thanks
 

CrocketCrocket

When you export your metadata you should see the following tag:

 

   <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="test.salesforce.com?saml=..."

 

The above binding can be "..HTTP-Redirect", which I believe instructs the IDP to send the protocol messages as URL parameters, as opposed to the POST associated (BASE64) body content.  Check out the 'bindings' document here:

 

 h**p://docs.oasis-open.org/security/saml/v2.0/