SAP Knowledge Base Article - Public

2475720 - SP Initiated login - SAML Request sent as a GET and not a POST


  • SP initiated SSO - SAML Request sent as a GET and not a POST
  • Worry of risk issue using GET vs POST


SAP SuccessFactors HXM Suite


  • We send the entire SAML Request as a GET and not a POST.
  • We are compliant with the SAML standard. However, we do want to increase our customer confidence in our technology and would like to address any security issue they see
  • Our future direction and strategy is to use IAS (Identity Authentication Service) as our IDP that connects to the customer IDP. 
  • IAS supports both GET and POST  


Single Sign On, SSO, GET, POST, IAS, SP initiated, SAML , KBA , LOD-SF-PLT-SSO , Single Sign-on , Product Enhancement


SAP SuccessFactors HXM Suite all versions