SAP Knowledge Base Article - Public

2475720 - SP Initiated login - SAML Request sent as a GET and not a POST

Symptom

  • SP initiated SSO - SAML Request sent as a GET and not a POST
  • Concern about the security risk of using GET instead of POST

Environment

SAP SuccessFactors HXM Suite

Resolution

  • We send the entire SAML Request as a GET and not a POST.
  • We are compliant with the SAML standard. However, we do want to increase our customers' confidence in our technology and would like to address any security issue they see.
  • Our future direction and strategy is to use IAS (Identity Authentication Service) as our IDP that connects to the customer IDP.
  • IAS supports both GET and POST.
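
What a SAML Request sent as a GET exposes in the URL, shown as an added example that is not SAP's code. It assumes the GET is the SAML 2.0 HTTP-Redirect binding (raw DEFLATE, base64, URL-encoding); the sample request, hosts and function names are constructed for illustration.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # cap on inflated size, guards against compression bombs

# Constructed sample request; every host and ID below is a placeholder.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    f'xmlns:saml="{SAML}" ID="_example123" Version="2.0" '
    'IssueInstant="2024-01-01T00:00:00Z" Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL="https://sp.example.com/acs">'
    '<saml:Issuer>https://sp.example.com</saml:Issuer></samlp:AuthnRequest>'
)

def encode_redirect(xml, idp_url, relay_state):
    """SP side: raw DEFLATE, then base64, then URL-encoding into the query."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    query = urllib.parse.urlencode(
        {"SAMLRequest": base64.b64encode(deflated).decode(),
         "RelayState": relay_state})
    return f"{idp_url}?{query}"

def decode_redirect(url):
    """Reviewer side: recover the request fields from a logged redirect URL."""
    params = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(wbits=-15)
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates past MAX_XML")
    if b"<!DOCTYPE" in xml:
        raise ValueError("DTD in SAMLRequest rejected")
    root = ET.fromstring(xml)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state": params.get("RelayState", [None])[0],
        # A signed redirect carries SigAlg and Signature as query parameters.
        "signed": "Signature" in params,
    }

if __name__ == "__main__":
    url = encode_redirect(SAMPLE_XML, "https://idp.example.com/sso", "/home")
    print(url, decode_redirect(url), sep="\n")
```

Because these fields sit in the query string, they are readable wherever the URL is recorded, such as browser history and proxy or web-server logs.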

Keywords

Single Sign On, SSO, GET, POST, IAS, SP initiated, SAML, KBA, LOD-SF-PLT-SSO, Single Sign-on, Product Enhancement

Product

SAP SuccessFactors HXM Suite all versions