Skip to content

AuthnRequest body via POST #264

Description

@dog5tar

Hi all,

After short code review (lib/Saml2/AuthnRequest.php & lib/Saml2/Auth.php), it looks like php-saml does not support HTTP-POST for request being send from SP to IdP when SSO is initialised.

Is that correct or I'm missing something?

If HTTP-POST is not supported for initial request:

  • shouldn't we be worrying that IdP might respond with "Error 413: Request Entity too large"?
  • what about infosec implications sending request via GET?

A bit more insight is much appreciated!

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions