Form data / http POST method lost on SAML auth redirect

[KuangEleven]

I am setting up a reverse proxy with SAML auth. So far, the library has worked great, but I am running into an issue when trying to handle POST requests.

Through logging, with a fresh browser session, I can see the POST hit my endpoint, then I see another POST request hit /saml/acs as expected. Once I complete the SSO, and am redirected back, the redirect is to the correct path, but as a GET request with all POST data stripped. Interestingly, if I immediately try again with the same browser session, my SAML SSO service does not require logging in, and my request is correctly routed to the endpoint as a POST with the correct data as a single action.

It appears that the local cache or redirect process is somehow clobbering my initial POST data, is this a known issue or is there an easy workaround?

If needed, I can try to provide a minimal worked example, but it would take some effort to strip out my other logic in my current code.

[pheelee]

Maybe we need to switch to http status 307 instead of 302 in this line? https://github.com/crewjam/saml/blob/29c6295245bda6b40d9efb1dddaf7670ed782cb0/samlsp/middleware.go#L202

See https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307

@KuangEleven are you able to clone this repo modify the aforementioned code and use your local repo using the replace directive in go.mod in your project?

[amanjain97]

@pheelee I tried the same but it is not working. @KuangEleven Did you find any solution for this ? @crewjam Is this a known issue ?

[ploynomail]

I also encountered the same problem. The bad thing is that the front and back ends of our project are separated, and the back-end http interface uses POST, which makes me very distressed. Who can help me.