SAML POST to SP becomes GET when an info is displayed
Concerned version
Version: 2.0.7
Platform: (Nginx/Apache/Node.js)
Summary
- Configure a SAML sp
- Configure singleSession = 1
- Log in
- Clear all cookies so that the session still exists in LLNG
- Browse to the SAML SP
- Fill in login form
- LLNG displays a form notification about killing previous sessions
- LLNG sends you to the SAML assertion consumer with a GET instead of a POST, which causes things like 405 errors, or other failures
::Portal::Main::Run contains this code:
# Display info before redirecting
if ( $req->info() ) {
$req->{infoFormMethod} = $req->param('method') || "post";
return PE_INFO;
}
I thinks this is a regression from 1.9