Delegated SAML 2.0 IDP integration - no support for HTTP-Post Binding

[Filip Majernik]

I have integrated an external SAML 2.0 Identity Provider into my CAS 5.1.0 Server. Everything works fine if the IdP supports HTTP-Redirect binding for the SingleSignOnService. However, if the IdP supports only HTTP-Post Binding, the configuration of the SAML2 Client will fail with the exception:

Identity provider has no single sign on service available for the selected profileorg.opensaml.saml.saml2.metadata.impl.IDPSSODescriptorImpl

The reason for this is the Pac4jAuthenticationEventExecutionPlanConfiguration.configureSamlClient() where the destination binding type in the configuration object is hardcoded as (although the default member variable in the SAML2ClientConfiguration holding the binding type is set to SAMLConstants.SAML2_POST_BINDING_URI):

cfg.setDestinationBindingType(SAMLConstants.SAML2_REDIRECT_BINDING_URI);

I have two questions about this:

1.) What is the reason of limiting the destination binding type to HTTP-Redirect when pac4j obviously supports both the HTTP-Post and the HTTP-Redirect?

2.) Is there any way to circumvent this?

Thank you very much,

Filip