Hi Team,

I’m trying to integrate Redash with JumpCloud SAML authentication, but I keep getting an error related to unsupported bindings:

[ERROR][saml2.mdstore] Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (Jumpcloud) ... saml2.client_base.SignOnError: {'message': 'No supported bindings available for authentication', 'bindings_to_try': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], 'unsupported_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']}

I have verified that my JumpCloud metadata.xml explicitly specifies:

<md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sso.jumpcloud.com/saml2/redash"/>
However, Redash still seems to be trying HTTP-Redirect instead of HTTP-POST, leading to authentication failure. I'm i missing something here?

• Is there any configuration in Redash that forces HTTP-POST binding?
• Could this be a known issue with JumpCloud or Redash’s SAML implementation?
• Is there a workaround or patch that allows enforcing the correct binding?

Any help or guidance would be greatly appreciated! Thanks in advance.

Logs:

[2025年02月24日 13:58:41,709][PID:9][ERROR][saml2.mdstore] Unsupported binding: urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect (Jumpcloud)
[2025年02月24日 13:58:41,709][PID:9][ERROR][redash.app] Exception on /saml/login [GET]
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 2190, in wsgi_app
response = self.full_dispatch_request()
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1486, in full_dispatch_request
rv = self.handle_user_exception(e)
File "/usr/local/lib/python3.10/site-packages/flask_restful/init.py", line 298, in error_router
return original_handler(e)
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1484, in full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1469, in dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File "/app/redash/authentication/saml_auth.py", line 160, in sp_initiated
_, info = saml_client.prepare_for_authenticate(nameid_format=nameid_format)
File "/usr/local/lib/python3.10/site-packages/saml2/client.py", line 72, in prepare_for_authenticate
reqid, negotiated_binding, info = self.prepare_for_negotiated_authenticate(
File "/usr/local/lib/python3.10/site-packages/saml2/client.py", line 183, in prepare_for_negotiated_authenticate
raise SignOnError(error_context)
saml2.client_base.SignOnError: {'message': 'No supported bindings available for authentication', 'bindings_to_try': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect'], 'unsupported_bindings': ['urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']}