What does "Invalid SAML POST" mean?

This article assumes the following conditions are true:

1. You have a Symantec Web Security Service subscription.
2. You are using SAML authentication.
3. You have received the following error message and want more information about the error

Invalid SAML POST
A request was received at the SAML POST endpoint that did not contain valid SAML POST data. If you reached here by pressing the browser's back button, please enter the target URL in the address bar.

SAML authentication works by an exchange of authentication data known as SAML assertions.
This authentication data is sent from the client PC to the Service Provider (saml.threatpulse.net) through the HTTP POST method shortly after authentication with your (Identity Provider) IDP was successful.

Pressing the Back button on the browser immediately after IDP authentication has taken place causes the browser to automatically re-submit the POST data that was already submitted to the Service Provider (SP) in a previous transaction (at a time when the SP is not expecting to receive it).
Other similar browser operations might also result in seeing this error.


 

This error is an expected behavior based on how SAML transactions work.
Refer to the following URL for details on what a full SAML transaction looks like:
https://support.symantec.com/en_US/article.TECH241052.html

Workaround

Re-enter the desired website into the address-bar.
This triggers a new SAML authentication transaction.