
mod_auth_saml: Change auth request from GET to POST possible?

Hi list,

I'm having a problem with authentication request signing when using
username/password in order to authenticate against my IdP.
When I turn off signing (AUTHN_REQ_SIGN=0) it works just fine. When I leave it on
I get an error in my browser:

SAML Fail what(SAMLresp) msg(The digital signature of the received SAML2 message is invalid.)
SC1(urn:oasis:names:tc:SAML:2.0:status:Requester) subcode(urn:oasis:names:tc:SAML:2.0:status:RequestDenied)

We have checked the metadata files on both sides and everything looks OK.
x509 authentication works just fine with signing enabled.

My IdP is requesting me to have mod_auth_saml send the SAML authentication request via POST,
not via GET like it is now.
Is that configurable? I went through the documentation but could not find
a suitable variable.