node-saml / passport-saml

SAML 2.0 authentication with Passport

Cannot POST /saml/consume

smclinden opened this issue · comments

Apologies, in advance, for reporting this as a BUG since I don't think that it is an issue with passport-saml so much as it is for the code using it and I was hoping to get some advice on where to look to fix it. I tried the Discussions section but even logged in I could not start a new discussion.

Feel free to delete/close this if you feel that it is inappropriate.

I am running a GraphQL application that uses passport for authentication. It has gone through major revisions in terms of dependencies but it is using a deprecated version of passport-saml. The callback URL is:

https://www.site.org:4000/saml/consume

And this has worked for a few years. But after upgrading, with no change in configuration (but changes to the Python and Node dependencies), I get the error, above. The last version that worked also used passport-saml 3.2.4 so there has been no change, here.

What I am really looking for is a place to start.

Environment

  • Node.js version: 18.13.0
  • passport-saml version: 3.2.4
  • Yarn version: 3.2.0
  • Ubuntu version: 20.04
commented

Are you saying

  1. that you upgraded everything except passport-saml and

  2. that the error you mentioned here:

    … , I get the error, above

    is the title of this issue report

    Cannot POST /saml/consume

    (or did you forget to paste actual error report?)

  3. that POST request processing does not even reach passport-saml related code before that error happens (which can be verified with step debugging if you do not have any stacktraces available)

You did not mention whether it is your client program which reports that error or your server.

Let's assume that you use expressjs.

Given aforementioned assumption(s) then good starting point(s) would be:

fwiw, if this issue is converted to discussion by maintainers original issue report was #847


Edit/Update: it seems that issue reporter had/has ongoing related issue - with extra context of the problem - here: OpenCTI-Platform/opencti#2791 (comment) (dunno why that info - which existed prior to this issue report - was not linked to issue description).

commented

OpenCTI maintainers had already explained product specific auth route things for reporter (see linked opencti issue).

tl;dr; reporter tried to POST stuff to route (/saml/consume) which did not exist. OpenCTI implementation introduces ACS route handler to /auth/saml/callback. Reporter had obviously assumed that example location mentioned at passport-saml documentation would mean that passport-saml library client SWs (in this case OpenCTI) would automatically introduce ACS to same path.

@srd90 Thanks for the triage. It sounds like this can be closed then?
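
The route mismatch described in the triage above, as an added example that is not part of the original thread or of passport-saml or OpenCTI code: a check that the path of the configured ACS URL has a POST handler among the app's routes. The sample app object, the `/auth/saml` GET route and all function names are constructed for illustration, and reading `app._router.stack` assumes Express 4 internals.

```javascript
// Added example: does the ACS URL registered with the IdP match a POST route
// the app actually serves? Route table and URLs below are constructed samples.

// Normalise a URL or path to a bare pathname without a trailing slash.
function normalisePath(urlOrPath) {
  const { pathname } = new URL(urlOrPath, 'https://placeholder.invalid');
  return pathname.length > 1 ? pathname.replace(/\/+$/, '') : pathname;
}

// Assumption: Express 4 keeps top-level routes in the undocumented
// app._router.stack; routes mounted through sub-routers are not listed here.
function routesFromExpress4(app) {
  return app._router.stack
    .filter((layer) => layer.route && typeof layer.route.path === 'string')
    .flatMap((layer) =>
      Object.keys(layer.route.methods).map((m) => ({
        method: m.toUpperCase(),
        path: layer.route.path,
      })));
}

// The SAML response arrives as an HTTP POST to the ACS URL, so the path of
// callbackUrl needs a POST handler; otherwise the server answers "Cannot POST".
function checkAcsRoute(callbackUrl, routes) {
  const acs = normalisePath(callbackUrl);
  const samePath = routes.filter((r) => normalisePath(r.path) === acs);
  if (samePath.some((r) => r.method === 'POST')) {
    return { ok: true, acs, reason: 'post-handler-present' };
  }
  const reason = samePath.length ? 'path-exists-but-not-post' : 'no-route-for-path';
  // Existing POST routes are the candidates for the ACS URL to register at the IdP.
  const postRoutes = routes.filter((r) => r.method === 'POST').map((r) => r.path);
  return { ok: false, acs, reason, postRoutes };
}

// Constructed stand-in with the shape routesFromExpress4() reads.
const sampleApp = { _router: { stack: [
  { name: 'query' },                                   // middleware layer, no route
  { route: { path: '/auth/saml', methods: { get: true } } },
  { route: { path: '/auth/saml/callback', methods: { post: true } } },
] } };

const routes = routesFromExpress4(sampleApp);
console.log(checkAcsRoute('https://www.site.org:4000/saml/consume', routes));
console.log(checkAcsRoute('https://www.site.org:4000/auth/saml/callback', routes));
```

A `no-route-for-path` result means the ACS URL configured at the IdP and the route the application registers have drifted apart, which is the situation the triage describes.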