SAML SSO Binding Type

Andris 11 Reputation points
2022-08-30T14:31:51.757+00:00

In Azure AAD, under Enterprise applications, for SSO configuration (SAML), is it possible to configure the Binding type order that is represented in the Federation Metadata XML file?

In this order, our application is not working properly:

<SingleLogoutService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>

When we change the order manually in the Federation Metadata XML file, the application works:

<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<SingleLogoutService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>

HTTP-Redirect and HTTP-POST order for SingleSignOnService.

Azure Active Directory
1 vote
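
Added example, not part of the original question and not Microsoft's or the application's code: a service provider can pick the SingleSignOnService endpoint by its Binding attribute instead of by its position in the metadata, so the element order no longer matters. The function name `select_endpoint`, the `idp.example` host and the trimmed metadata are constructed for illustration, and the metadata is assumed to come from a trusted source.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: trimmed IdP metadata in the element order from the question,
# with a placeholder host instead of a real tenant URL.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example/">
<IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<SingleLogoutService Location="https://idp.example/saml2" Binding="{HTTP_REDIRECT}"/>
<SingleSignOnService Location="https://idp.example/saml2" Binding="{HTTP_REDIRECT}"/>
<SingleSignOnService Location="https://idp.example/saml2" Binding="{HTTP_POST}"/>
</IDPSSODescriptor>
</EntityDescriptor>"""


def select_endpoint(metadata_xml, service="SingleSignOnService",
                    preferred=(HTTP_POST, HTTP_REDIRECT)):
    """Return (binding, location) chosen by binding preference, not document order."""
    root = ET.fromstring(metadata_xml)
    # iter() also matches when the descriptor is nested under EntitiesDescriptor.
    idp = next(root.iter(MD + "IDPSSODescriptor"), None)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    by_binding = {}
    for el in idp.findall(MD + service):
        binding, location = el.get("Binding"), el.get("Location")
        # Accept only HTTPS endpoints and skip entries missing an attribute.
        if binding and location and urlsplit(location).scheme == "https":
            by_binding.setdefault(binding, location)
    # Walk the caller's preference list; the position in the XML is ignored.
    for binding in preferred:
        if binding in by_binding:
            return binding, by_binding[binding]
    raise ValueError(f"no {service} endpoint with an acceptable binding")


if __name__ == "__main__":
    print(select_endpoint(SAMPLE_METADATA))
```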