SP initiated SAML and POST APIs - Problem

Hi to all and thanks in advance.

We have several Web APIs up and running with SP initiated SAML for SSO using POST binding. However, we've discovered a problem if the first API call is made using POST.

The general architecture is as follows:

SPA - Requests to WebAPI and manages SAML flow.
WSO2 IS - SAML IdP
Appian - SAML SP and Web APIs


The flow works as follows:


(1) SPA -> Appian /mywebapi?a=b         Response: 200 HTML Form with SAML Request
(2) SPA -> WSO2 IS, POST SAML Request   Response: 200 HTML Form with SAML Assertion
(3) SPA -> Appian /AssertionConsumer    Response: 302 Location /mywebapi?a=b
(4) SPA -> Appian /mywebapi?a=b         Response: 200 {result}

Our problem arises when the first call (1) to Appian is a POST with form parameters, as the 302 redirect at step (3) does not contain any parameters (obviously) and the WebAPI process fails.

The doubt then is whether Appian supports this kind of flow and, if so, what are we doing wrong? Do we need to configure anything special? Do we need to do anything at the process level?
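
The flow described above, as an added example that is not part of the original post and is not Appian or WSO2 code: a client-side sketch in which the SPA completes steps (1) to (3) and then re-sends the original POST itself, because the 302 from step (3) carries only the URL. The helper names, the `sp.example` and `idp.example` hosts, the form markup and the field values are all constructed assumptions.

```javascript
// Added example. Hypothetical helper names; hosts, markup and values are constructed.
// Regex parsing keeps this runnable in Node; in the SPA, DOMParser is the robust choice.
function parseAutoPostForm(html) {
  const action = /<form[^>]*\saction="([^"]*)"/i.exec(html);
  if (!action) return null;
  const fields = {};
  const input = /<input[^>]*\sname="([^"]*)"[^>]*\svalue="([^"]*)"/gi;
  for (let m; (m = input.exec(html)); ) fields[m[1]] = m[2];
  return { action: action[1], fields };
}

// send(req) -> { status, body }. Synchronous here so the example runs offline.
function callWithSamlReplay(original, send) {
  let res = send(original); // step (1)
  for (let hop = 0; hop < 3; hop++) {
    const form = parseAutoPostForm(res.body);
    const isAssertion = !!form && "SAMLResponse" in form.fields;
    if (!form || !(isAssertion || "SAMLRequest" in form.fields)) return res; // not a SAML form
    res = send({ method: "POST", url: form.action, form: form.fields }); // step (2) or (3)
    // Step (3) established the SP session. Its 302 carries only the URL, so
    // re-send the original method and body instead of following it as a GET.
    if (isAssertion) return send(original);
  }
  throw new Error("SAML flow did not complete");
}

// Constructed stand-in for the SP and IdP in the post; real responses will differ.
function makeSimulator() {
  let session = false;
  const log = [];
  const form = (action, name, value) =>
    `<form method="post" action="${action}"><input type="hidden" name="${name}" value="${value}"/></form>`;
  function send(req) {
    log.push(`${req.method} ${req.url}`);
    if (req.url === "https://idp.example/sso")
      return { status: 200, body: form("https://sp.example/AssertionConsumer", "SAMLResponse", "constructed-assertion") };
    if (req.url.endsWith("/AssertionConsumer")) { session = true; return { status: 302, body: "" }; }
    if (!session) return { status: 200, body: form("https://idp.example/sso", "SAMLRequest", "constructed-request") };
    return { status: 200, body: JSON.stringify({ received: req.form || null }) };
  }
  return { send, log };
}

const demo = makeSimulator();
const original = { method: "POST", url: "https://sp.example/mywebapi?a=b", form: { x: "1" } };
console.log(callWithSamlReplay(original, demo.send).body, demo.log);
```

In a real SPA `send` would wrap an asynchronous `fetch` call, and the replay should be limited to requests that are safe to submit a second time.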
