We are using ComponentSpace.SAML2.Profiles.SSOBrowser.IdentityProvider and calling SendSAMLResponseByHTTPPost to perform SSO and redirect a user to another URL.
This is working fine on IE and Firefox, but on Chrome the following is displayed in the browser:
<html xmlns="http://www.w3.org/1999/xhtml">
<body onload="document.forms.samlform.submit()">
<noscript>
<p><strong>Note:</strong> Since your browser does not support Javascript, you must press the Continue button once to proceed.</p>
</noscript>
<form id="samlform" action="https://REDACTED URL" method="post">
<div>
<input type="hidden" name="SAMLResponse" value="REDACTED SAMLResponse"/>
<input type="hidden" name="RelayState" value="https://REDACTED URL"/>
</div>
<noscript>
<div><input type="submit" value="Continue"/></div>
</noscript>
</form>
</body>
</html>
This is working on Chrome in a local environment with the same code.
There are some SSL certificate issues on the environment where we are experiencing the problem. Not sure if this could be related - is Chrome more strict about this than other browsers?
This is because a header "x-content-type-options: nosniff" was present which prevents Chrome from determining the MIME type on its own. Explicitly adding a Content-Type header resolved the issue. https://www.owasp.org/index.php/List_of_useful_HTTP_headers
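Added example (not part of the original thread and not ComponentSpace code): a small Python check that flags the condition described in the answer, an HTML auto-post form served with "x-content-type-options: nosniff" but without an HTML Content-Type. The function names, result labels, sample responses and the sp.example URL are constructed for illustration.

```python
from email.message import Message

HTML_TYPES = {"text/html", "application/xhtml+xml"}

# Constructed sample body: an auto-submitting form like the one in the post,
# with placeholder values instead of a real SAML response.
BODY = (b'<html xmlns="http://www.w3.org/1999/xhtml">'
        b'<body onload="document.forms.samlform.submit()">'
        b'<form id="samlform" action="https://sp.example/acs" method="post">'
        b'<input type="hidden" name="SAMLResponse" value="PLACEHOLDER"/>'
        b'</form></body></html>')

def build(*headers: str) -> bytes:
    """Assemble a constructed raw HTTP response carrying the sample form."""
    head = "\r\n".join(("HTTP/1.1 200 OK",) + headers)
    return head.encode("ascii") + b"\r\n\r\n" + BODY

def parse(raw: bytes):
    """Split a raw response into a case-insensitive header map and the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    msg = Message()
    for line in head.decode("iso-8859-1").split("\r\n")[1:]:  # skip status line
        name, _, value = line.partition(":")
        msg[name.strip()] = value.strip()
    return msg, body

def audit(raw: bytes) -> str:
    """Classify how an HTML response depends on its declared MIME type."""
    msg, body = parse(raw)
    if not body.lstrip()[:64].lower().startswith((b"<html", b"<!doctype html")):
        return "not-html"
    nosniff = msg.get("X-Content-Type-Options", "").lower() == "nosniff"
    # get_content_type() drops parameters such as "; charset=utf-8".
    declared = msg.get_content_type() if "Content-Type" in msg else None
    if declared in HTML_TYPES:
        return "ok"
    if nosniff:
        # The case from the thread: the browser may not guess the type.
        return "nosniff-without-html-type"
    if declared is None:
        return "relies-on-sniffing"
    return "wrong-content-type"

if __name__ == "__main__":
    for hdrs in (("X-Content-Type-Options: nosniff",),
                 ("X-Content-Type-Options: nosniff",
                  "Content-Type: text/html; charset=utf-8"),
                 ()):
        print(hdrs, "->", audit(build(*hdrs)))
```
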