diff --git a/internal/api/ui/login/login.go b/internal/api/ui/login/login.go
index af6e555468..ccc0832779 100644
--- a/internal/api/ui/login/login.go
+++ b/internal/api/ui/login/login.go
@@ -105,7 +105,7 @@ func csp() *middleware.CSP {
 csp := middleware.DefaultSCP
 csp.ObjectSrc = middleware.CSPSourceOptsSelf()
 csp.StyleSrc = csp.StyleSrc.AddNonce()
- csp.ScriptSrc = csp.ScriptSrc.AddNonce()
+ csp.ScriptSrc = csp.ScriptSrc.AddNonce().AddHash("sha256", "AjPdJSbZmeWHnEc5ykvJFay8FTWeTeRbs9dutfZ0HqE=")
 return &csp
 }
diff --git a/internal/idp/providers/saml/saml.go b/internal/idp/providers/saml/saml.go
index aa816dfead..b37eb0ac1d 100644
--- a/internal/idp/providers/saml/saml.go
+++ b/internal/idp/providers/saml/saml.go
@@ -159,6 +159,9 @@ func (p *Provider) GetSP() (*samlsp.Middleware, error) {
 if p.requestTracker != nil {
 sp.RequestTracker = p.requestTracker
 }
+ if p.binding != "" {
+ sp.Binding = p.binding
+ }
 return sp, nil
 }
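Review bot: The hash passed to `AddHash` in `csp()` is a bare literal with nothing saying which inline script it authorises. If that script changes by a single byte the browser will block it with no build-time signal, and if the script is removed the allowance stays behind in the policy of every page served with this CSP. Judging by the other file in this commit it is presumably the auto-submit script of the SAML POST-binding form, but that is not visible here and should be stated. Move the value to a named constant with a comment such as `// CSP hash of the inline <script> emitted by <SOURCE OF SCRIPT>; recompute whenever that markup changes`. A unit test that recomputes the SHA-256 from the script bytes and compares it with the constant would catch drift.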
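Review bot: `p.binding` is copied into `sp.Binding` in `GetSP` with only the empty string filtered out, so any other value reaches the request-building code unchecked. Where the field is set is outside this hunk, and `GetSP` itself begins above it. If the value is not validated at configuration time, an unsupported binding string will fail in a library-dependent way rather than with a clear configuration error. Consider rejecting unknown values here or in the option that sets the field, e.g. `if p.binding != saml.HTTPRedirectBinding && p.binding != saml.HTTPPostBinding { return nil, errors.New("unsupported SAML binding") }`, assuming the `saml` and `errors` packages are imported in this file. A doc comment on the `binding` field listing the accepted URNs would also help.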