SAML Send ProtocolBinding and AssertionConsumerURL in the AuthnRequest (#2176) · Issues · LemonLDAP NG / lemonldap-ng

SAML Send ProtocolBinding and AssertionConsumerURL in the AuthnRequest

Summary

Some SAML IdP did'nt fallback to the metadata information and fails.

So it would be nice to configure it via the IdP Settings Optional.

Design proposition

Currently manualy with a code addition solved for the problematic SAML IdP:

clement@ader-worteks:~/dev/lemonldap-ng$ git diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 1c55d1477..1fba06317 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -869,6 +869,10 @@ sub createAuthnRequest {
     # Always allow NameID creation
     $request->NameIDPolicy()->AllowCreate(1);
 
+    # Set AssertionConsumerServiceURL and ProtocolBinding 
+    $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST);
+   
$request->AssertionConsumerServiceURL("https://auth.example.com/saml/proxySingleSignOnPost");
+
     # Force authentication
     if ($forceAuthn) {
         $self->logger->debug("Force authentication on IDP");

$request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST); In this line something wrong (to less Perl knowing) it sets only number 3 not the Text who's needed ...

Thanks to @clement_oudot fore code 😄

### Summary

Some SAML IdP did'nt fallback to the metadata information and fails.

So it would be nice to configure it via the IdP Settings Optional.

### Design proposition

Currently manualy with a code addition solved for the problematic SAML IdP:

```
clement@ader-worteks:~/dev/lemonldap-ng$ git diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 1c55d1477..1fba06317 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -869,6 +869,10 @@ sub createAuthnRequest {
     # Always allow NameID creation
     $request->NameIDPolicy()->AllowCreate(1);
 
+    # Set AssertionConsumerServiceURL and ProtocolBinding 
+    $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST);
+   
$request->AssertionConsumerServiceURL("https://auth.example.com/saml/proxySingleSignOnPost");
+
     # Force authentication
     if ($forceAuthn) {
         $self->logger->debug("Force authentication on IDP");
```
+    $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST); In this line something wrong (to less Perl knowing) it sets only number 3 not the Text who's needed ...

Thanks to @clement_oudot fore code :smile:

Edited Apr 24, 2020 by René Linder