We are trying to implement SSO based on SAML 2.0 (SP-initiated) where PingFederate is the IDP. After successful authentication from the IDP, the AssertionService URL is correctly invoked by the IDP using POST, and a proper SAMLResponse is also sent as POST data (this can be traced using SAML tracer in Firefox). The problem is that, from the SAML tracer, we can see the POST is immediately followed by another HTTP GET to the same AssertionService URL without any query parameters, so pyACSPOSTBodyContent is not set when the REST service activity runs, and it goes to the error step.
We have raised the issue with the customer's SSO team to debug whether the GET is somehow initiated from the IDP end, but in the meantime we also wanted to verify whether anybody else has faced the same problem and whether it is a Pega version-specific problem. We are using Pega 7.2.2. Below are the SAML setup details.
IDP Login (SSO) protocol binding: HTTP Redirect.
SP login protocol binding: HTTP POST
I suggest enabling Fiddler to capture all of the network traffic. If you start Fiddler early enough in the session, then you should see the mechanism for both the POST and the GET request being returned as a previous response before the POST and GET are actually issued. You should be able to then untangle what is driving each of them.
Posted: 8 Apr 2017 20:01 EDT
Kevin Zheng (KevinZheng_GCS)
Director, Technical Support
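
An added example, not part of the original thread or any post in it: once the session has been captured as suggested above, a short script can walk the recorded requests and report which earlier response caused each request to the assertion endpoint. The capture below is constructed, its hostnames and paths are hypothetical placeholders, and the 302 in it is only one possible outcome chosen to exercise the code.

```python
from urllib.parse import urljoin, urlsplit

# Constructed sample capture (HAR-like, trimmed to the fields used here).
# Hostnames and paths are hypothetical placeholders, not values from the thread.
ACS_URL = "https://sp.example.test/prweb/sso/acs"
CAPTURE = [
    {"method": "GET", "url": "https://idp.example.test/idp/SSO.saml2?SAMLRequest=abc",
     "status": 200, "headers": {},
     "body": '<form method="post" action="%s"><input name="SAMLResponse"/></form>' % ACS_URL},
    {"method": "POST", "url": ACS_URL, "status": 302,
     "headers": {"Location": "/prweb/sso/acs"}, "body": ""},
    {"method": "GET", "url": ACS_URL, "status": 500, "headers": {}, "body": ""},
]

def same_endpoint(a, b):
    """Compare scheme, host and path only, ignoring query string and fragment."""
    pa, pb = urlsplit(a), urlsplit(b)
    return (pa.scheme, pa.netloc.lower(), pa.path) == (pb.scheme, pb.netloc.lower(), pb.path)

def find_trigger(entries, index):
    """Return (entry_index, reason) for the earlier response that led to entries[index]."""
    target = entries[index]["url"]
    # Walk backwards: the nearest earlier response that points at the URL is the likely cause.
    for i in range(index - 1, -1, -1):
        e = entries[i]
        location = next((v for k, v in e["headers"].items() if k.lower() == "location"), None)
        if 300 <= e["status"] < 400 and location:
            # Location may be relative, so resolve it against the request URL first.
            if same_endpoint(urljoin(e["url"], location), target):
                return i, "redirect %d from %s %s" % (e["status"], e["method"], e["url"])
        if urlsplit(target).path in e["body"]:
            return i, "URL referenced in body of %s %s" % (e["method"], e["url"])
    return None, "no earlier response references this URL"

def explain_acs_requests(entries, acs_url):
    """Map each request to the ACS endpoint to the response that triggered it."""
    report = []
    for i, e in enumerate(entries):
        if same_endpoint(e["url"], acs_url):
            src, reason = find_trigger(entries, i)
            report.append((e["method"], src, reason))
    return report

if __name__ == "__main__":
    for method, src, reason in explain_acs_requests(CAPTURE, ACS_URL):
        print(method, "to ACS <- entry", src, ":", reason)
```

A result of "no earlier response references this URL" for the GET means the capture started too late or the request was driven by something outside the recorded responses.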