SAML: add POST binding to SAML services (#75)

modules/lemonldap-ng-manager/example/skins/default/manager.js

@@ -567,6 +567,7 @@ function samlService(id) {
 	var t=lmdata(id).split(';');
 	formateSelect('samlServiceBinding',[
 		'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect=HTTP Redirect',
+		'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST=HTTP POST',
 		'urn:oasis:names:tc:SAML:2.0:bindings:SOAP=SOAP'
 		],t[0]);
 	$('#samlServiceLocation').attr('value',t[1]);

modules/lemonldap-ng-manager/example/skins/default/manager.tpl

@@ -344,9 +344,9 @@
        <td><lang en="Index" fr="Index"/></td>
        <td><input type="text" size="50" id="samlAssertionIndex" /></td>
       </tr>
-      <tr class="hidden">
+      <tr>
        <td><lang en="Binding" fr="Binding"/></td>
-       <td><select id="samlAssertionBinding"></select></td>
+       <td><select disabled="disabled" id="samlAssertionBinding"></select></td>
       </tr>
       <tr>
        <td><lang en="Location" fr="URL"/></td>
@@ -362,9 +362,9 @@
     <!-- samlService -->
     <div id="content_samlService" class="hidden">
      <table>
-      <tr class="hidden">
+      <tr>
        <td><lang en="Binding" fr="Binding"/></td>
-       <td><select id="samlServiceBinding"></select></td>
+       <td><select disabled="disabled" id="samlServiceBinding"></select></td>
       </tr>
       <tr>
        <td><lang en="Location" fr="URL"/></td>

modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_Struct.pm

@@ -666,12 +666,15 @@ sub struct {
 
                 samlSPSSODescriptorSingleLogoutService => {
                     _nodes => [
-                        qw(samlSPSSODescriptorSingleLogoutServiceHTTP
+                        qw(samlSPSSODescriptorSingleLogoutServiceHTTPRedirect
+                          samlSPSSODescriptorSingleLogoutServiceHTTPPost
                           samlSPSSODescriptorSingleLogoutServiceSOAP)
                     ],
                     _help => 'default',
-                    samlSPSSODescriptorSingleLogoutServiceHTTP =>
-                      'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTP',
+                    samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
+'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTPRedirect',
+                    samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
+'samlService:/samlSPSSODescriptorSingleLogoutServiceHTTPPost',
                     samlSPSSODescriptorSingleLogoutServiceSOAP =>
                       'samlService:/samlSPSSODescriptorSingleLogoutServiceSOAP',
                 },
@@ -736,24 +739,30 @@ sub struct {
 
                 samlIDPSSODescriptorSingleSignOnService => {
                     _nodes => [
-                        qw(samlIDPSSODescriptorSingleSignOnServiceHTTP
+                        qw(samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect
+                          samlIDPSSODescriptorSingleSignOnServiceHTTPPost
                           samlIDPSSODescriptorSingleSignOnServiceSOAP)
                     ],
                     _help => 'default',
-                    samlIDPSSODescriptorSingleSignOnServiceHTTP =>
-'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTP',
+                    samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
+'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect',
+                    samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
+'samlService:/samlIDPSSODescriptorSingleSignOnServiceHTTPPost',
                     samlIDPSSODescriptorSingleSignOnServiceSOAP =>
 'samlService:/samlIDPSSODescriptorSingleSignOnServiceSOAP',
                 },
 
                 samlIDPSSODescriptorSingleLogoutService => {
                     _nodes => [
-                        qw(samlIDPSSODescriptorSingleLogoutServiceHTTP
+                        qw(samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect
+                          samlIDPSSODescriptorSingleLogoutServiceHTTPPost
                           samlIDPSSODescriptorSingleLogoutServiceSOAP)
                     ],
                     _help => 'default',
-                    samlIDPSSODescriptorSingleLogoutServiceHTTP =>
-'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTP',
+                    samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
+'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect',
+                    samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
+'samlService:/samlIDPSSODescriptorSingleLogoutServiceHTTPPost',
                     samlIDPSSODescriptorSingleLogoutServiceSOAP =>
 'samlService:/samlIDPSSODescriptorSingleLogoutServiceSOAP',
                 },
@@ -1123,7 +1132,8 @@ sub testStruct {
         samlOrganizationURL                        => $testNotDefined,
         samlSPSSODescriptorAuthnRequestsSigned     => $boolean,
         samlSPSSODescriptorKeyDescriptorSigning    => $testNotDefined,
-        samlSPSSODescriptorSingleLogoutServiceHTTP => $testNotDefined,
+        samlSPSSODescriptorSingleLogoutServiceHTTPRedirect => $testNotDefined,
+        samlSPSSODescriptorSingleLogoutServiceHTTPPost     => $testNotDefined,
         samlSPSSODescriptorSingleLogoutServiceSOAP => $testNotDefined,
         samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
           $testNotDefined,
@@ -1136,9 +1146,11 @@ sub testStruct {
         samlSPSSODescriptorNameIDFormatTransient             => $boolean,
         samlIDPSSODescriptorWantAuthnRequestsSigned          => $boolean,
         samlIDPSSODescriptorKeyDescriptorSigning             => $testNotDefined,
-        samlIDPSSODescriptorSingleSignOnServiceHTTP          => $testNotDefined,
+        samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect  => $testNotDefined,
+        samlIDPSSODescriptorSingleSignOnServiceHTTPPost      => $testNotDefined,
         samlIDPSSODescriptorSingleSignOnServiceSOAP          => $testNotDefined,
-        samlIDPSSODescriptorSingleLogoutServiceHTTP          => $testNotDefined,
+        samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect  => $testNotDefined,
+        samlIDPSSODescriptorSingleLogoutServiceHTTPPost      => $testNotDefined,
         samlIDPSSODescriptorSingleLogoutServiceSOAP          => $testNotDefined,
         samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
           $testNotDefined,
@@ -1299,12 +1311,18 @@ sub defaultConf {
         samlSPMetaDataOptionsCheckSLOMessageSignature  => '1',
         samlSPSSODescriptorAuthnRequestsSigned         => '0',
         samlSPSSODescriptorKeyDescriptorSigning        => '',
-        samlSPSSODescriptorSingleLogoutServiceHTTP =>
+        samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
           'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;' 
           . $portal
           . '/saml/proxySingleLogout;'
           . $portal
           . '/saml/proxySingleLogoutReturn',
+        samlSPSSODescriptorSingleLogoutServiceHTTPPost =>
+          'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;' 
+          . $portal
+          . '/saml/proxySingleLogout;'
+          . $portal
+          . '/saml/proxySingleLogoutReturn',
         samlSPSSODescriptorSingleLogoutServiceSOAP =>
           'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;' 
           . $portal
@@ -1330,20 +1348,30 @@ sub defaultConf {
         samlSPSSODescriptorNameIDFormatTransient       => '0',
         samlIDPSSODescriptorWantAuthnRequestsSigned    => '0',
         samlIDPSSODescriptorKeyDescriptorSigning       => '',
-        samlIDPSSODescriptorSingleSignOnServiceHTTP =>
+        samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
           'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;' 
           . $portal
           . '/saml/singleSignOn;',
+        samlIDPSSODescriptorSingleSignOnServiceHTTPPost =>
+          'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;' 
+          . $portal
+          . '/saml/singleSignOn;',
         samlIDPSSODescriptorSingleSignOnServiceSOAP =>
           'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;' 
           . $portal
           . '/saml/singleSignOnSOAP;',
-        samlIDPSSODescriptorSingleLogoutServiceHTTP =>
+        samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
           'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect;' 
           . $portal
           . '/saml/singleLogout;'
           . $portal
           . '/saml/singleLogoutReturn',
+        samlIDPSSODescriptorSingleLogoutServiceHTTPPost =>
+          'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST;' 
+          . $portal
+          . '/saml/singleLogout;'
+          . $portal
+          . '/saml/singleLogoutReturn',
         samlIDPSSODescriptorSingleLogoutServiceSOAP =>
           'urn:oasis:names:tc:SAML:2.0:bindings:SOAP;' 
           . $portal

modules/lemonldap-ng-manager/lib/Lemonldap/NG/Manager/_i18n.pm

@@ -269,8 +269,9 @@ sub en {
           'Signed Authentication Request',
         samlSPSSODescriptorKeyDescriptorSigning     => 'Signing Key',
         samlSPSSODescriptorSingleLogoutService      => 'Single Logout',
-        samlSPSSODescriptorSingleLogoutServiceHTTP  => 'HTTP Service',
-        samlSPSSODescriptorSingleLogoutServiceSOAP  => 'SOAP Service',
+        samlSPSSODescriptorSingleLogoutServiceHTTPRedirect => 'HTTP Redirect',
+        samlSPSSODescriptorSingleLogoutServiceHTTPPost     => 'HTTP POST',
+        samlSPSSODescriptorSingleLogoutServiceSOAP         => 'SOAP',
         samlSPSSODescriptorAssertionConsumerService => 'Assertion Consumer',
         samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
           'HTTP Artifact',
@@ -289,11 +290,13 @@ sub en {
           'Signed Authentication Request',
         samlIDPSSODescriptorKeyDescriptorSigning      => 'Signing Key',
         samlIDPSSODescriptorSingleSignOnService       => 'Single Sign on',
-        samlIDPSSODescriptorSingleSignOnServiceHTTP   => 'HTTP Service',
-        samlIDPSSODescriptorSingleSignOnServiceSOAP   => 'SOAP Service',
+        samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect => 'HTTP Redirect',
+        samlIDPSSODescriptorSingleSignOnServiceHTTPPost     => 'HTTP POST',
+        samlIDPSSODescriptorSingleSignOnServiceSOAP         => 'SOAP',
         samlIDPSSODescriptorSingleLogoutService       => 'Single Logout',
-        samlIDPSSODescriptorSingleLogoutServiceHTTP   => 'HTTP Service',
-        samlIDPSSODescriptorSingleLogoutServiceSOAP   => 'SOAP Service',
+        samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect => 'HTTP Redirect',
+        samlIDPSSODescriptorSingleLogoutServiceHTTPPost     => 'HTTP POST',
+        samlIDPSSODescriptorSingleLogoutServiceSOAP         => 'SOAP',
         samlIDPSSODescriptorArtifactResolutionService => 'Artifact Resolution',
         samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
           'Artifact Service',
@@ -302,8 +305,8 @@ sub en {
         samlIDPSSODescriptorNameIDFormatPersistent      => 'Persistent',
         samlIDPSSODescriptorNameIDFormatTransient       => 'Transient',
         samlIDPSSODescriptorManageNameIDService         => 'NameID Manager',
-        samlIDPSSODescriptorManageNameIDServiceHTTP     => 'HTTP Service',
-        samlIDPSSODescriptorManageNameIDServiceSOAP     => 'SOAP Service',
+        samlIDPSSODescriptorManageNameIDServiceHTTP     => 'HTTP Redirect',
+        samlIDPSSODescriptorManageNameIDServiceSOAP     => 'SOAP',
     };
 }
 
@@ -536,8 +539,10 @@ sub fr {
           'Requête d\'authentification signé',
         samlSPSSODescriptorKeyDescriptorSigning     => 'Clef de signature',
         samlSPSSODescriptorSingleLogoutService      => 'Single Logout',
-        samlSPSSODescriptorSingleLogoutServiceHTTP  => 'Service HTTP',
-        samlSPSSODescriptorSingleLogoutServiceSOAP  => 'Service SOAP',
+        samlSPSSODescriptorSingleLogoutServiceHTTPRedirect =>
+          'Redirection HTTP',
+        samlSPSSODescriptorSingleLogoutServiceHTTPPost => 'POST HTTP',
+        samlSPSSODescriptorSingleLogoutServiceSOAP     => 'SOAP',
         samlSPSSODescriptorAssertionConsumerService => 'Assertions',
         samlSPSSODescriptorAssertionConsumerServiceHTTPArtifact =>
           'HTTP Artifact',
@@ -557,11 +562,15 @@ sub fr {
           'Requête d\'authentification signé',
         samlIDPSSODescriptorKeyDescriptorSigning    => 'Clef de signature',
         samlIDPSSODescriptorSingleSignOnService     => 'Single Sign on',
-        samlIDPSSODescriptorSingleSignOnServiceHTTP => 'Service HTTP',
-        samlIDPSSODescriptorSingleSignOnServiceSOAP => 'Service SOAP',
+        samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect =>
+          'Redirection HTTP',
+        samlIDPSSODescriptorSingleSignOnServiceHTTPPost => 'POST HTTP',
+        samlIDPSSODescriptorSingleSignOnServiceSOAP     => 'SOAP',
         samlIDPSSODescriptorSingleLogoutService     => 'Single Logout',
-        samlIDPSSODescriptorSingleLogoutServiceHTTP => 'Service HTTP',
-        samlIDPSSODescriptorSingleLogoutServiceSOAP => 'Service SOAP',
+        samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect =>
+          'Redirection HTTP',
+        samlIDPSSODescriptorSingleLogoutServiceHTTPPost => 'POST HTTP',
+        samlIDPSSODescriptorSingleLogoutServiceSOAP     => 'SOAP',
         samlIDPSSODescriptorArtifactResolutionService =>
           'Résolution d\'Artifact',
         samlIDPSSODescriptorArtifactResolutionServiceArtifact =>
@@ -571,8 +580,8 @@ sub fr {
         samlIDPSSODescriptorNameIDFormatPersistent      => 'Persistant',
         samlIDPSSODescriptorNameIDFormatTransient       => 'Temporaire',
         samlIDPSSODescriptorManageNameIDService     => 'Gestionnaire de NameID',
-        samlIDPSSODescriptorManageNameIDServiceHTTP => 'Service HTTP',
-        samlIDPSSODescriptorManageNameIDServiceSOAP => 'Service SOAP',
+        samlIDPSSODescriptorManageNameIDServiceHTTP => 'Redirection HTTP',
+        samlIDPSSODescriptorManageNameIDServiceSOAP => 'SOAP',
     };
 }
 

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/AuthSAML.pm

@@ -51,10 +51,16 @@ sub extractFormInfo {
       $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceSOAP", 1 );
     my $saml_slo_soap_url_ret =
       $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceSOAP", 2 );
-    my $saml_slo_get_url =
-      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTP", 1 );
-    my $saml_slo_get_url_ret =
-      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTP", 2 );
+    my $saml_slo_get_url = $self->getMetaDataURL(
+        "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect", 1 );
+    my $saml_slo_get_url_ret = $self->getMetaDataURL(
+        "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect", 2 );
+    my $saml_slo_post_url =
+      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTPPost",
+        1 );
+    my $saml_slo_post_url_ret =
+      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTPPost",
+        2 );
     my $saml_ars_url = $self->getMetaDataURL(
         "samlSPSSODescriptorArtifactResolutionServiceArtifact");
 
@@ -285,7 +291,7 @@ sub extractFormInfo {
 
     # 1.2 SLO
     elsif ( $url =~
-/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/io
+/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E|Q$saml_slo_post_url\E|\Q$saml_slo_post_url_ret\E)$/io
       )
     {
         $self->lmLog( "URL $url detected as an SLO URL", 'debug' );
@@ -1249,14 +1255,20 @@ sub authForce {
       $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceSOAP", 1 );
     my $saml_slo_soap_url_ret =
       $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceSOAP", 2 );
-    my $saml_slo_get_url =
-      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTP", 1 );
-    my $saml_slo_get_url_ret =
-      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTP", 2 );
+    my $saml_slo_get_url = $self->getMetaDataURL(
+        "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect", 1 );
+    my $saml_slo_get_url_ret = $self->getMetaDataURL(
+        "samlSPSSODescriptorSingleLogoutServiceHTTPRedirect", 2 );
+    my $saml_slo_post_url =
+      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTPPost",
+        1 );
+    my $saml_slo_post_url_ret =
+      $self->getMetaDataURL( "samlSPSSODescriptorSingleLogoutServiceHTTPPost",
+        2 );
 
     return 1
       if ( $url =~
-/^(\Q$saml_acs_art_url\E|\Q$saml_acs_post_url\E|\Q$saml_acs_get_url\E|\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/io
+/^(\Q$saml_acs_art_url\E|\Q$saml_acs_post_url\E|\Q$saml_acs_get_url\E|\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E|\Q$saml_slo_post_url\E|\Q$saml_slo_post_url_ret\E)$/io
       );
 
     return 0;

modules/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBSAML.pm

@@ -41,18 +41,30 @@ sub issuerForUnAuthUser {
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceSOAP", 1 );
     my $saml_sso_soap_url_ret =
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceSOAP", 2 );
-    my $saml_sso_get_url =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTP", 1 );
-    my $saml_sso_get_url_ret =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTP", 2 );
+    my $saml_sso_get_url = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect", 1 );
+    my $saml_sso_get_url_ret = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect", 2 );
+    my $saml_sso_post_url =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTPPost",
+        1 );
+    my $saml_sso_post_url_ret =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTPPost",
+        2 );
     my $saml_slo_soap_url =
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceSOAP", 1 );
     my $saml_slo_soap_url_ret =
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceSOAP", 2 );
-    my $saml_slo_get_url =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTP", 1 );
-    my $saml_slo_get_url_ret =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTP", 2 );
+    my $saml_slo_get_url = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect", 1 );
+    my $saml_slo_get_url_ret = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect", 2 );
+    my $saml_slo_post_url =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTPPost",
+        1 );
+    my $saml_slo_post_url_ret =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTPPost",
+        2 );
     my $saml_ars_url = $self->getMetaDataURL(
         "samlIDPSSODescriptorArtifactResolutionServiceArtifact");
     my $saml_slo_url_relay_soap =
@@ -65,7 +77,10 @@ sub issuerForUnAuthUser {
     my $content_type   = $self->content_type();
 
     # 1.1. SSO
-    if ( $url =~ /^(\Q$saml_sso_soap_url\E|\Q$saml_sso_get_url\E)$/io ) {
+    if ( $url =~
+/^(\Q$saml_sso_soap_url\E|Q$saml_sso_soap_url_ret\E|\Q$saml_sso_get_url\E|Q$saml_sso_get_url_ret\E|Q$saml_sso_post_url\E|Q$saml_sso_post_url\E)$/io
+      )
+    {
 
         $self->lmLog( "URL $url detected as an SSO request URL", 'debug' );
 
@@ -177,7 +192,7 @@ sub issuerForUnAuthUser {
 
     # 1.2. SLO
     if ( $url =~
-/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/io
+/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E|Q$saml_slo_post_url\E|\Q$saml_slo_post_url_ret\E)$/io
       )
     {
 
@@ -409,18 +424,30 @@ sub issuerForAuthUser {
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceSOAP", 1 );
     my $saml_sso_soap_url_ret =
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceSOAP", 2 );
-    my $saml_sso_get_url =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTP", 1 );
-    my $saml_sso_get_url_ret =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTP", 2 );
+    my $saml_sso_get_url = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect", 1 );
+    my $saml_sso_get_url_ret = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleSignOnServiceHTTPRedirect", 2 );
+    my $saml_sso_post_url =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTPPost",
+        1 );
+    my $saml_sso_post_url_ret =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleSignOnServiceHTTPPost",
+        2 );
     my $saml_slo_soap_url =
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceSOAP", 1 );
     my $saml_slo_soap_url_ret =
       $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceSOAP", 2 );
-    my $saml_slo_get_url =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTP", 1 );
-    my $saml_slo_get_url_ret =
-      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTP", 2 );
+    my $saml_slo_get_url = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect", 1 );
+    my $saml_slo_get_url_ret = $self->getMetaDataURL(
+        "samlIDPSSODescriptorSingleLogoutServiceHTTPRedirect", 2 );
+    my $saml_slo_post_url =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTPPost",
+        1 );
+    my $saml_slo_post_url_ret =
+      $self->getMetaDataURL( "samlIDPSSODescriptorSingleLogoutServiceHTTPPost",
+        2 );
 
     # Get HTTP request informations to know
     # if we are receving SAML request or response
@@ -429,7 +456,10 @@ sub issuerForAuthUser {
     my $content_type   = $self->content_type();
 
     # 1.1. SSO
-    if ( $url =~ /^(\Q$saml_sso_soap_url\E|\Q$saml_sso_get_url\E)$/io ) {
+    if ( $url =~
+/^(\Q$saml_sso_soap_url\E|Q$saml_sso_soap_url_ret\E|\Q$saml_sso_get_url\E|Q$saml_sso_get_url_ret\E|Q$saml_sso_post_url\E|Q$saml_sso_post_url\E)$/io
+      )
+    {
 
         $self->lmLog( "URL $url detected as an SSO request URL", 'debug' );
 
@@ -888,7 +918,7 @@ sub issuerForAuthUser {
 
     # 1.2. SLO
     if ( $url =~
-/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E)$/io
+/^(\Q$saml_slo_soap_url\E|\Q$saml_slo_soap_url_ret\E|\Q$saml_slo_get_url\E|\Q$saml_slo_get_url_ret\E|Q$saml_slo_post_url\E|\Q$saml_slo_post_url_ret\E)$/io
       )
     {