Do not allow for POST binding with SSO

myconext-server/pom.xml

@@ -40,7 +40,7 @@
         <dependency>
             <groupId>org.openconext</groupId>
             <artifactId>saml-idp</artifactId>
-            <version>0.0.7-SNAPSHOT</version>
+            <version>1.0.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>

myconext-server/src/main/java/myconext/security/GuestIdpAuthenticationRequestFilter.java

@@ -168,7 +168,10 @@ private void sso(HttpServletRequest request, HttpServletResponse response) throw
             //prevent null-pointer and drop dead
             return;
         }
-        AuthnRequest authnRequest = this.samlService.parseAuthnRequest(samlRequest, true, isDeflated(request));
+        if (!HttpMethod.GET.name().equalsIgnoreCase(request.getMethod())) {
+            throw new IllegalArgumentException("Only GET redirect are support. Not: "+request.getMethod());
+        }
+        AuthnRequest authnRequest = this.samlService.parseAuthnRequest(samlRequest, true, true);
 
         String requesterEntityId = requesterId(authnRequest);
         String issuer = authnRequest.getIssuer().getValue();
@@ -330,10 +333,6 @@ private void addBrowserIdentificationCookie(HttpServletResponse response) {
         response.setHeader("Set-Cookie", BROWSER_SESSION_COOKIE_NAME + "=true; SameSite=Lax" + (secureCookie ? "; Secure" : ""));
     }
 
-    private boolean isDeflated(HttpServletRequest request) {
-        return HttpMethod.GET.name().equalsIgnoreCase(request.getMethod());
-    }
-
     private String requesterId(AuthnRequest authenticationRequest) {
         Issuer issuer = authenticationRequest.getIssuer();
         String issuerValue = issuer != null ? issuer.getValue() : "";