laravel-saml2
What is the best practice to deal with SAML POST and still maintain CSRF protection?
I configured everything in the SP and IdP sections in saml2_settings.php. I go to /admin/login and I land on my IdP log-in page immediately, which is the correct behavior.
I log in with the proper username and password provided by my IdP.
After successfully authenticating, I keep getting redirected back to my log-in page/host.
I declared my routes like this:
    Route::get('/admin/login', 'SAMLController@adminSignIn');
    Route::post('admin/secure/dashboard', 'SAMLController@saml_post');
SAMLController:
    public function adminSignIn()
    {
        return Saml2::login(URL::full());
    }

    public function saml_post()
    {
        $inputs = json_decode(Input::get('json'), true);
        dd($inputs); // <-- I never get to see what is POSTed to me from my IdP
    }
How do I prevent that redirect? Do I need to create a middleware?
Can someone please help me create a middleware to prevent this redirect?
Thanks.
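
One common way to keep CSRF protection on while still accepting the IdP's POST, shown as an added example that is not part of the original post or the laravel-saml2 project. It assumes a Laravel 5.x layout with the route from the question in the `web` middleware group, and it exempts only that one path:

```php
<?php
// app/Http/Middleware/VerifyCsrfToken.php
// Added example. Assumes the stock Laravel 5.x CSRF middleware is in use.

namespace App\Http\Middleware;

use Illuminate\Foundation\Http\Middleware\VerifyCsrfToken as BaseVerifier;

class VerifyCsrfToken extends BaseVerifier
{
    /**
     * URIs excluded from CSRF verification.
     *
     * The IdP delivers the SAML response as a cross-site form POST
     * (fields SAMLResponse and RelayState), so the request can never
     * carry this application's CSRF token. Exempt the exact endpoint
     * that receives the assertion and nothing broader: no wildcard such
     * as 'admin/*', so every other POST route stays protected.
     *
     * @var array
     */
    protected $except = [
        'admin/secure/dashboard', // POST route declared in the question
    ];
}
```

On the exempted route the signed SAML response takes the place of the CSRF token, so the handler should accept nothing from the request until the SAML library has validated the response (signature, destination, audience, validity window).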