- Type: Regression Bug
- Status: Closed
- Resolution: Fixed
- Affects Version/s: 7.0.X, 7.1.X, 7.2.X, 7.3.X, Master
- Component/s: Application Security > SAML
- Labels: None
- Branch Version/s: 7.3.x, 7.2.x, 7.1.x, 7.0.x
- Backported to Branch: Committed
- Fix Priority: 4
- Sprint: Iteration 49, Iteration 50
- Git Pull Request:
The filter converts the HTTP-Redirect binding's GET request into a POST request when it builds an auto-submitting HTML form.
Steps to reproduce.
- Configure portal as SAML IDP
- Clear all cookies for portal
- Using a SAML SP which supports sending HTTP-Redirect binding Authn Requests (another portal instance is fine), initiate SSO using this binding.
Expected result: The user lands on the portal/IDP's login screen
Actual result: Generic SAML processing error is shown on UI
Tip: If using portal as SP, you can download the portal IDP's SAML metadata and manually remove the HTTP-POST binding ACS support declaration. i.e.
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://liferaysamlsp.com:8080/c/portal/saml/acs" index="1" isDefault="true"/>
Save to an .xml file and upload via the portal's IDP connection configuration screen. This will prevent portal from sending HTTP-Post messages to the IDP. It will instead use the other bindings that are declared, which should only be HTTP-Redirect, i.e.
<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://liferaysamlsp.com:8080/c/portal/saml/acs" index="1" isDefault="true"/>
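The metadata edit described in the tip above, as an added example that is not part of the original ticket or the portal's code: it removes the HTTP-POST AssertionConsumerService declarations and refuses to produce a file that would leave no endpoint declared. The sample document and its entityID are constructed, and the function name `strip_binding` is hypothetical.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ACS_URL = "http://liferaysamlsp.com:8080/c/portal/saml/acs"  # Location from the ticket

# Keep the md: prefix when the edited document is serialized again.
ET.register_namespace("md", MD_NS)

# Constructed sample metadata (entityID is a placeholder), declaring both bindings.
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="constructed-entity-id">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="{HTTP_POST}" Location="{ACS_URL}" index="1" isDefault="true"/>
    <md:AssertionConsumerService Binding="{HTTP_REDIRECT}" Location="{ACS_URL}" index="2"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def strip_binding(metadata_xml, binding=HTTP_POST, endpoint="AssertionConsumerService"):
    """Remove every <md:endpoint> element that declares `binding`.

    Returns (edited_xml, removed_count, remaining_bindings). Raises ValueError
    if nothing matched or if no endpoint of that type would be left.
    Parse only metadata you downloaded yourself: ElementTree is not hardened
    against hostile XML.
    """
    root = ET.fromstring(metadata_xml)
    tag = f"{{{MD_NS}}}{endpoint}"
    removed = 0
    for parent in list(root.iter()):  # snapshot, because the tree is mutated below
        for child in list(parent):
            if child.tag == tag and child.get("Binding") == binding:
                parent.remove(child)
                removed += 1
    remaining = [e.get("Binding") for e in root.iter(tag)]
    if removed == 0:
        raise ValueError(f"no {endpoint} with binding {binding} found")
    if not remaining:
        raise ValueError(f"removing {binding} would leave no {endpoint}")
    return ET.tostring(root, encoding="unicode"), removed, remaining


if __name__ == "__main__":
    edited, removed, remaining = strip_binding(SAMPLE_METADATA)
    print(f"removed {removed} endpoint(s); remaining bindings: {remaining}")
    print(edited)
```

If the downloaded metadata carries an XML signature, editing the file invalidates that signature.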
- is caused by LPS-108070 Handle new SameSite=Lax default in cookies in SAML (Closed)