SAML 1.x Browser/Artifact handler does not support HTTP method (POST)

Summary

This error states that there has been a POST operation to the Artifact handler that expects a GET.

You have probably configured the SP to use the Browser/Artifact protocol. The Browser/Artifact protocol is based on a reference string that is passed through the browser from the IdP to the SP as a http parameter. The Artifact handler at the SP (Shibboleth.sso/SAML/Artifact) expects to receive this parameter using a GET operation.

Possible Causes and Solutions

By default a 1.3 IdP uses the Browser/POST protocol. So if an SP is unknown to an IdP the IdP will use that profile, even when the SP has requested the Artifact protocol. The POST protocol means the IdP will submit the authentication statement using a http POST... in this case wrongly to the Artifact handler.

To solve this problem, check whether the metadata at the IdP contains an entry for the SP that is showing this problem. You can see the metadata lookup attempt happening in the IdP logs. If you're seeing this error at the SP, then you'll most likely see a message in the IdP log saying "No metadata found for provider: (<providerId_from_SP_config>)". Note that matching is done by comparing the entityID (in the MetaData at IdP) and providerID (in ShibbolethXml at SP; transported to the IdP for matching using a GET parameter), so these should be exactly the same and thus agreed upon by both parties, SP and IdP.

Browser not supported