Http post binding – Google Search Appliance Authentication/Authorization for Enterprise SPI Guide User Manual
HTTP POST Binding
[6d] [6e] With the POST Binding, the IdP sends a digitally signed authentication Assertion identifying the
user to the security manager via an HTML form POST through the browser. That is, the Assertion is
digitally signed (XML Digital Signature) with the private key of the IdP. The signed Assertion is
embedded as a hidden form variable (SAMLResponse) in an HTML form and transmitted directly to the user's
browser. The HTML page containing the form should auto-submit to the security manager URL that listens
for the POST Binding (/security-manager/samlassertionconsumer). As with the Artifact Binding, the IdP
must determine the URL of the security manager on its own (using a hard-coded URL or a lookup table
based on the ISSUER).
Figure 6: IdP Redirecting with the POST Profile
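The form round trip described above, as an added example that is not taken from the guide or from Google's code: the IdP side wraps an already signed Response in the auto-submitting page, and the reader side recovers what the browser would POST. The host name, the sample Response and all function names are assumptions; signing and signature verification are out of scope here and must still be done by the IdP and the receiver.

```python
import base64
import html
from html.parser import HTMLParser

# Assumption: placeholder host; the path is the one the guide gives.
ACS_URL = "https://gsa.example.com/security-manager/samlassertionconsumer"
# Constructed, unsigned stand-in for the IdP's signed <samlp:Response>.
SAMPLE_RESPONSE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" Destination="' + ACS_URL + '"/>'
)

def build_post_form(acs_url, response_xml, relay_state=None):
    """Return the auto-submitting HTML page the IdP sends to the browser."""
    fields = {"SAMLResponse": base64.b64encode(response_xml.encode()).decode()}
    if relay_state is not None:  # RelayState is optional in this binding
        fields["RelayState"] = relay_state
    # Escape every value so it cannot break out of its attribute.
    inputs = "\n".join(
        '<input type="hidden" name="%s" value="%s"/>'
        % (html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in fields.items()
    )
    return (
        '<html><body onload="document.forms[0].submit()">\n'
        '<form method="post" action="%s">\n%s\n'
        '<noscript><input type="submit" value="Continue"/></noscript>\n'
        "</form></body></html>" % (html.escape(acs_url, quote=True), inputs)
    )

class _FormFields(HTMLParser):
    """Collect the form action and hidden inputs, as the browser would."""
    def __init__(self):
        super().__init__()
        self.action, self.fields = None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.action = a.get("action")
        elif tag == "input" and a.get("type") == "hidden":
            self.fields[a.get("name")] = a.get("value")

def read_post_form(page):
    """Return (action URL, decoded SAMLResponse XML, RelayState or None)."""
    p = _FormFields()
    p.feed(page)
    xml = base64.b64decode(p.fields["SAMLResponse"], validate=True).decode()
    return p.action, xml, p.fields.get("RelayState")
```

The receiver should compare the Response's Destination with its own consumer URL and verify the XML signature before trusting anything decoded from SAMLResponse.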
The following section is taken from the SAML 2.0 Bindings (line 900).
Note: The RelayState parameter is optional and not specified in this redirect. The IdP sends the
following HTML page to the browser, which will automatically POST it to the security manager.
HTTP/1.1 200 OK
Date: 21 Jan 2004 07:00:49 GMT
Content-Type: text/html; charset=iso-8859-1
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">