I have integrated an external SAML 2.0 Identity Provider into my CAS 5.1.0 Server. Everything works fine if the IdP supports HTTP-Redirect binding for the SingleSignOnService. However, if the IdP supports only HTTP-Post Binding, the configuration of the SAML2 Client will fail with the exception:

    Identity provider has no single sign on service available for the selected profileorg.opensaml.saml.saml2.metadata.impl.IDPSSODescriptorImpl

The reason for this is the Pac4jAuthenticationEventExecutionPlanConfiguration.configureSamlClient() where the destination binding type in the configuration object is hardcoded as (although the default member variable in the SAML2ClientConfiguration holding the binding type is set to SAMLConstants.SAML2_POST_BINDING_URI):

    cfg.setDestinationBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);

I have two questions about this:

1.) What is the reason for limiting the destination binding type to HTTP-Redirect when pac4j obviously supports both the HTTP-Post and the HTTP-Redirect?

2.) Is there any way to circumvent this?

Thank you very much,
Filip
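
Added example, not part of the original message and not CAS or pac4j code: a small Python check that lists the SingleSignOnService bindings an IdP publishes in its metadata and shows why a lookup pinned to HTTP-Redirect fails against a POST-only IdP. The metadata, entity ID, URLs and function names are constructed for illustration, and the fallback selector is a hypothetical alternative, not pac4j behaviour.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: an IdP that publishes only an HTTP-POST SSO endpoint.
POST_ONLY_IDP = f"""<EntityDescriptor xmlns="{MD}" entityID="https://idp.example.org/metadata">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService Binding="{POST}" Location="https://idp.example.org/sso/post"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def sso_endpoints(metadata_xml):
    """Return {binding URI: location} for every SingleSignOnService in the metadata."""
    # Metadata is remote input: refuse DTDs so entity-expansion tricks never reach the parser.
    if "<!DOCTYPE" in metadata_xml or "<!ENTITY" in metadata_xml:
        raise ValueError("DTD/entity declarations are not accepted in metadata")
    root = ET.fromstring(metadata_xml)
    path = f".//{{{MD}}}IDPSSODescriptor/{{{MD}}}SingleSignOnService"
    return {e.get("Binding"): e.get("Location") for e in root.iterfind(path)}


def select_sso_endpoint(metadata_xml, destination_binding):
    """Pick the endpoint for one fixed binding; fail if the IdP does not offer it."""
    endpoints = sso_endpoints(metadata_xml)
    if destination_binding not in endpoints:
        raise LookupError(
            f"no SingleSignOnService for {destination_binding}; "
            f"IdP offers: {sorted(endpoints)}")
    return endpoints[destination_binding]


def select_with_fallback(metadata_xml, preferred=(REDIRECT, POST)):
    """Hypothetical alternative: take the first preferred binding the IdP publishes."""
    endpoints = sso_endpoints(metadata_xml)
    for binding in preferred:
        if binding in endpoints:
            return binding, endpoints[binding]
    raise LookupError(f"IdP offers none of {preferred}")


if __name__ == "__main__":
    print(sso_endpoints(POST_ONLY_IDP))
    print(select_with_fallback(POST_ONLY_IDP))
```

Running `sso_endpoints` against the real IdP metadata before configuring the client shows up front whether a Redirect-only destination binding can succeed.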