SAML Response not found, Only supported HTTP_POST Binding

[siberian-devsky]

Proposed Labels: [help wanted, question]

I am wondering if this is just a simple misconfiguration on my part. This is definitely my first SSO rodeo so I am just looking for some generic advice based on the data I supply below.

Specifically the exception I am hitting in onelogin's lib is here:

File "/opt/bitnami/python/lib/python3.10/site-packages/onelogin/saml2/auth.py", line 139, in process_response raise OneLogin_Saml2_Error( onelogin.saml2.errors.OneLogin_Saml2_Error: SAML Response not found, Only supported HTTP_POST Binding

This is decoded SAML response from our (internal) IdP:

<samlp:Response Version="2.0" ID="Redacted" IssueInstant="2023-10-13T18:32:14.503Z" InResponseTo="ONELOGIN_Redacted" Destination="https://service.com/saml" xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">

Redacted.UAT.SAML2.0 Redacted Redacted ProtocolBinding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect disallowed for transport of SSO response. And here is my IdP configuration; as you can see, the IdP binding is set to HTTP-POST: { "strict": True, "debug": True, "idp": { "entityId": "Redacted.UAT.SAML2.0", "singleSignOnService": { "url": "https://pf-uat.us.com/idp/SSO.saml2", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" }, "x509cert": "Redacted" }, "sp": { "entityId": "https://service.com", "assertionConsumerService": { "url": "https://service.com/saml", "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" } }, "security": { "wantAttributeStatement": False } }

[pitbulk]

The error "SAML Response not found, Only supported HTTP_POST Binding" is raised when no SAMLResponse is sent at the POST of the request.

Maybe the IdP sent the SAMLResponse via HTTP_Redirect or maybe you directly accessed the ACS endpoint.