2475720 - SP Initiated login - SAML Request sent as a GET and not a POST

SAP Knowledge Base Article - Public

Symptom

  • SP initiated SSO - SAML Request sent as a GET and not a POST
  • Concern about the security risk of using GET vs. POST

Environment

  • BizX Platform

Resolution

  • We send the entire SAML Request as a GET and not a POST.
  • We are compliant with the SAML standard. However, we want to increase customer confidence in our technology and would like to address any security issues customers see.
  • Our future direction and strategy is to use IAS (Identity Authentication Service) as our IDP that connects to the customer IDP.
  • IAS supports both GET and POST.
  • You can find more about the roadmap for IAS integration on the community:

https://community.successfactors.com/successfactors/attachments/successfactors/CCO_Resources/54/16/SAP_ProductRoadmap_SuccessFactors_20170411_Final.pdf
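
Added illustration (not SAP code and not part of the original article): in the SAML HTTP-Redirect binding the AuthnRequest travels in the SAMLRequest query parameter as raw DEFLATE, then base64, then URL-encoding, so anyone assessing the GET vs. POST concern can decode it and see exactly what ends up in URLs and logs. The hosts, IDs, sample XML and function names are constructed placeholders.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
MAX_XML = 64 * 1024  # cap on inflated size (guards against deflate bombs)

# Constructed sample request; every host and ID here is a placeholder.
SAMPLE_XML = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example123" '
    'Version="2.0" IssueInstant="2017-04-11T10:00:00Z" '
    'Destination="https://idp.example.com/sso" '
    'AssertionConsumerServiceURL="https://sp.example.com/saml2/acs">'
    '<saml:Issuer>https://sp.example.com</saml:Issuer></samlp:AuthnRequest>')

def encode_redirect(xml, idp_url, relay_state=None):
    """Build the GET URL: raw DEFLATE, then base64, then URL-encoding."""
    comp = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode()}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return idp_url + "?" + urlencode(params)

def inspect_redirect(url):
    """Decode a redirect-binding URL and list what the query string exposes."""
    q = parse_qs(urlsplit(url).query)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(base64.b64decode(q["SAMLRequest"][0]), MAX_XML)
    if not inflater.eof:
        raise ValueError("SAMLRequest is truncated or inflates past the cap")
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("DTD content is not allowed in a SAML message")
    root = ET.fromstring(xml)
    return {
        "id": root.get("ID"),
        "issuer": root.findtext("saml:Issuer", namespaces=NS),
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state": q.get("RelayState", [None])[0],
        # A <saml:Subject> hint would put a user identifier into URL logs.
        "has_subject": root.find("saml:Subject", NS) is not None,
        # Presence of the binding's signature parameters only; not verified.
        "has_signature": "SigAlg" in q and "Signature" in q,
    }
```

Calling inspect_redirect(encode_redirect(SAMPLE_XML, "https://idp.example.com/sso", "/home")) returns the request ID, issuer, destination, ACS URL and RelayState, which is everything the sample GET places in browser history and server logs.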

Keywords

  • Single Sign On
  • SSO
  • GET
  • POST
  • IAS
  • SP initiated
  • SAML
KBA, LOD-SF-PLT-SSO, Single Sign-on, Product Enhancement

Product

SAP SuccessFactors HCM Core all versions