SAML Authentication throws HTTP ERROR 405 | method POST is not supported
search cancel

SAML Authentication throws HTTP ERROR 405 | method POST is not supported

book

Article ID: 408197

calendar_today

Updated On:

Products

Automic SaaS CA Automic Workload Automation - Automation Engine CA Automic One Automation

Issue/Introduction

When setting up the SAML authentication integration, putting the rest api endpoint for the location= attributes in the *SP key for the UC_SAML_SETTINGS will result in the following error message after authentication on the IdP:

HTTP ERROR 405 HTTP method POST is not supported by this URL

URI: https://rest-endpoint.example.com/
STATUS: 405
MESSAGE: HTTP method POST is not supported by this URL

Environment

Automation Engine version: Any
Hosting platform (On-Prem vs SaaS): Any

Cause

The REST API does not allow for SAML Authentication and the Location= attribute of the AssertionConsumerService element must point to the awi

Resolution

The following lines in the *SP key of the UC_SAML_SETTINGS variable in client 0 must point to the AWI instead of the REST API and include a trailing "/":

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://rest-api.endpoint.example.com" index="0" isDefault="true"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://rest-api.endpoint.example.com" index="1"/>

These should look like this:

<md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://awi-endpoint.example.com/awi/" index="0" isDefault="true"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://awi-endpoint.example.com/awi/" index="1"/>

The first line of the *SP entry in the UC_SAML_SETTINGS should also follow this format after entityID=, so it should be:

<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="[automatically generated ID]" entityID="https://awi-endpoint.example.com/awi/" validUntil="2045-06-21T10:43:09.547Z">

You will also need to make sure on the IdP side that you are using the awi URL for the recipient and destination URL:

Please note that these URLs will need to be updated different in each system where SAML is implemented as the awi URL is different for each.  The important part is that it follow the format https://awi-endpoint.example.com/awi/

Additional Information

Information on setting up SAML can be found in the Setting up Single Sign-On - SAML documentation page

Powered by Wolken Software