-
1. Re: SPFilter checking principal in non POST methods only
anil.saldhana Aug 18, 2011 3:56 PM (in response to vladimiralbis)I thought for the standalone mode, we only supported the SAML2 HTTP/POST binding. I need to check what the problem here may be.
-
2. Re: SPFilter checking principal in non POST methods only
jorisva Feb 19, 2013 8:32 AM (in response to anil.saldhana)The problem is that the SPFilter always intercepts and redirects every POST request to the SP webapplication. The following code from SPFilter shows that a logged on user is only checked with GET requests to the SP webapplication. I think this check should also be done for POST methods. Thus is a user is authenticated via SAML, there is no additional redirect to the SP.
if (!postMethod && !logOutRequest)
{
//Check if we are already authenticated
if (userPrincipal != null)
{
filterChain.doFilter(servletRequest, servletResponse);
return;
}In other words, in every POST request in my webapplication (for exmaple, filling in a web form and submit the request) redirects to the IDP, authenticates again (with IDP cookie) and a SMAL POST is performedn again and the webform submit data is gone. Is there another way to support this case? Thus performing POST in SP servlets using the SPFilter?
Many thanks in advance!
-
3. Re: SPFilter checking principal in non POST methods only
anil.saldhana Mar 1, 2013 4:41 PM (in response to jorisva)