SAML Send ProtocolBinding and AssertionConsumerURL in the AuthnRequest
Summary
Some SAML IdPs don't fall back to the metadata information and fail.
So it would be nice to be able to configure it optionally via the IdP settings.
Design proposition
Currently solved manually with a code addition for the problematic SAML IdP:
clement@ader-worteks:~/dev/lemonldap-ng$ git diff
diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
index 1c55d1477..1fba06317 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/Lib/SAML.pm
@@ -869,6 +869,10 @@ sub createAuthnRequest {
# Always allow NameID creation
$request->NameIDPolicy()->AllowCreate(1);
+ # Set AssertionConsumerServiceURL and ProtocolBinding
+ $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST);
+
$request->AssertionConsumerServiceURL("https://auth.example.com/saml/proxySingleSignOnPost");
+
# Force authentication
if ($forceAuthn) {
$self->logger->debug("Force authentication on IDP");
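Review bot: The AssertionConsumerServiceURL set in createAuthnRequest is the literal "https://auth.example.com/saml/proxySingleSignOnPost", so every deployment and every IdP would receive this one host and endpoint in its AuthnRequest; the value should come from the SP's own configured POST assertion consumer endpoint. Both new calls also run unconditionally, ahead of the forceAuthn check, which changes the requests sent to IdPs that work today; guarding them with a per-IdP option, as the summary proposes, keeps the current behaviour as the default. The ProtocolBinding attribute of a SAML AuthnRequest is a binding URI (for HTTP-POST, urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST), so passing Lasso::Constants::HTTP_METHOD_POST, an HTTP method constant, should be checked against what actually ends up in the serialized request.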
- $request->ProtocolBinding(Lasso::Constants::HTTP_METHOD_POST); Something is wrong in this line (I know too little Perl): it sets only the number 3, not the text that is needed ...
Thanks to @clement_oudot for the code.