Enabling HTTP-Redirect Binding

SAML for ASP.NET
1

I’m trying to enable Redirect Binding instead of POST.
I have made the below configuration changes

<PartnerIdentityProvider Name=“<a href=“http://vmclaimapp.local/adfs/services/trust””>http://vmclaimapp.local/adfs/services/trust"
Description=“ADFS”
SignAuthnRequest=“true”
SignLogoutRequest=“true”
WantSAMLResponseSigned=“false”
WantAssertionSigned=“false”
WantAssertionEncrypted=“false”
WantLogoutResponseSigned=“false”
SingleSignOnServiceBinding=“urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”
SingleSignOnServiceUrl=“<a href=“https://vmclaimapp.local/adfs/ls/””>https://vmclaimapp.local/adfs/ls/
SingleLogoutServiceUrl=”<a href=“https://vmclaimapp.local/adfs/ls/?wa=wsignout1.0"”>https://vmclaimapp.local/adfs/ls/?wa=wsignout1.0"
PartnerCertificateFile=“Certificates\adfs.cer”/>

ADFS Endpoint Binding for
https://vmclaimapp.local/ExampleServiceProvider/SAML/AssertionConsumerService.aspx
has been changed from POST to Redirect
https://www.componentspace.com/Forums/Uploads/Images/d4c2403b-14d4-46f5-8078-6094.png

After I login in I get “The message is not an HTTP POST”.



Wanted to know if I have missed any changes in the configuration.

2

The SingleSIgnOnServiceBinding defaults to “urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect”.
If you’re being prompted to login at ADFS it has successfully received the SAML authn request from your service provider application.
As per the SAML v2.0 specification, the SAML response returned to your assertion consumer service cannot be sent using HTTP-Redirect.
The most common binding to use for sending the SAML response is HTTP-Post.
When you call SAMLServiceProvider.ReceiveSSO the expectation is that the SAML response will be sent over HTTP-Post.
The reason the SAML v2.0 specification doesn’t support sending the SAML response over HTTP-Redirect is that the resultant query string parameter would be too long for some browsers.

3

Thank you for the reply. I was going through information on artifact binding and I understand it’s more complex than POST mechanism since IdP server directly communicates with SP server. So I wanted to know if component space supports it & if so are there any implementation references for it.

4

We do support the HTTP-Artifact binding but only through the low-level API. You’ll find this demonstrated in some of the low-level API example projects.
Currently we don’t support HTTP-Artifact through the high-level API.
This is something we may add in the future.
From our experience, HTTP-Artifact is rarely used.