3 Replies Latest reply on Mar 1, 2013 4:41 PM by Anil Saldanha

    SPFilter checking principal in non POST methods only

    Vladimir Albis Newbie

      Hello and many thanks for your answers.

       

      I have configured a JSF application as SP-standalone using SPFilter. After sucessfull login at IDP and granting access i noticed that when performing a POST in SP it is being redirected against IDP with a saml request (user is already authenticated). After checking SPFilter i see that if it's not a POST method first checks "if we are already authenticated" and if this is true filterChain performs a doFilter (wihtout redirecting to IDP). But in POST methods there is no check "if we are already authenticated".

       

      Is this correct? Does this mean that i cannot perform a POST method within SP (submitting a form) wihout being redirected to IDP?