SAML SSO Binding Type

Andris 16 Reputation points
2022-08-30T14:31:51.757+00:00

In Azure AAD, under Enterprise applications for SSO configuration (SAML), is it possible to configure the Binding type order that is represented in the Federation Metadata XML file?

With this order, our application does not work properly:

<SingleLogoutService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>

When we change the order manually in the Federation Metadata XML file, the application works:

<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"/>
<SingleLogoutService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
<SingleSignOnService Location="https://login.microsoftonline.com/7705c2da-6189-44e0-8946-27cb4b13dfb7/saml2" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>

HTTP-Redirect and HTTP-POST order for SingleSignOnService.
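
Added example, not part of the original post and not the application's own code: it reads constructed IdP metadata in the two element orders shown above, once by taking the first `SingleSignOnService` element (one order-dependent way an application could read it, assumed here) and once by matching on the `Binding` attribute. The `idp.example` URLs and all function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SSO_PATH = f".//{{{MD_NS}}}IDPSSODescriptor/{{{MD_NS}}}SingleSignOnService"


def build_metadata(endpoints):
    """Build constructed IdP metadata with endpoints in the given order."""
    body = "".join(
        f'<{tag} Location="https://idp.example/saml2" Binding="{binding}"/>'
        for tag, binding in endpoints
    )
    return (
        f'<EntityDescriptor xmlns="{MD_NS}" entityID="https://idp.example/">'
        '<IDPSSODescriptor protocolSupportEnumeration='
        '"urn:oasis:names:tc:SAML:2.0:protocol">'
        f"{body}</IDPSSODescriptor></EntityDescriptor>"
    )


# Constructed samples: the same three endpoints in the two orders from the question.
ORDER_AS_PUBLISHED = build_metadata([
    ("SingleLogoutService", HTTP_REDIRECT),
    ("SingleSignOnService", HTTP_REDIRECT),
    ("SingleSignOnService", HTTP_POST),
])
ORDER_HAND_EDITED = build_metadata([
    ("SingleSignOnService", HTTP_POST),
    ("SingleLogoutService", HTTP_REDIRECT),
    ("SingleSignOnService", HTTP_REDIRECT),
])


def first_sso_endpoint(xml_text):
    """Order-dependent: returns whichever SingleSignOnService appears first."""
    el = ET.fromstring(xml_text).find(SSO_PATH)
    return el.get("Binding"), el.get("Location")


def sso_endpoint_for(xml_text, preferred=(HTTP_POST, HTTP_REDIRECT)):
    """Order-independent: picks the endpoint by Binding URI, in SP preference order."""
    by_binding = {}
    for el in ET.fromstring(xml_text).iterfind(SSO_PATH):
        by_binding.setdefault(el.get("Binding"), el.get("Location"))
    for binding in preferred:
        if binding in by_binding:
            return binding, by_binding[binding]
    raise ValueError("IdP metadata offers none of the supported bindings")
```
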
