If you configure user_saml to force SAML authentication, every request will get redirected to the SAML IdP/WAYF. This causes every desktop/mobile client to break, because they get unexpected 302 responses.
I have applied a dirty fix that detects known client User-Agents and doesn't force the SAML login for them, but I'm pretty sure there has to be a cleaner way to do that.
If you configure user_saml to force SAML authentication, every request will get redirected to the SAML IdP/WAYF. This causes every desktop/mobile client to break, because they get unexpected 302 responses.
I have applied a dirty fix that detects known client User-Agents and doesn't force the SAML login for them, but I'm pretty sure there has to be a cleaner way to do that.