SAML 2.0 bindings (Federation)
SAML requestors and responders communicate by exchanging messages. The mechanism to transport these messages is called a SAML binding. ISAM supports the following bindings:
HTTP redirect
    Enables SAML protocol messages to be transmitted within URL parameters. It enables SAML requestors and responders to communicate using an HTTP user agent as an intermediary. The intermediary might be necessary if the communicating entities do not have a direct path of communication. The intermediary might also be necessary if the responder requires interaction with a user agent, such as an authentication agent. HTTP redirect is sometimes called browser redirect in single sign-on operations. This profile is selected by default.

HTTP POST
    Enables SAML protocol messages to be transmitted within an HTML form by using base64-encoded content. It enables SAML requestors and responders to communicate using an HTTP user agent as an intermediary. The agent might be necessary if the communicating entities do not have a direct path of communication. The intermediary might also be necessary if the responder requires interaction with a user agent such as an authentication agent. HTTP POST is sometimes called Browser POST, particularly when used in single sign-on operations. It uses a self-posting form during the establishment and use of a trusted session between an identity provider, a service provider, and a client (browser).

HTTP artifact
    Binding in which a SAML request or response (or both) is transmitted by reference using a unique identifier called an artifact. A separate binding, such as a SOAP binding, is used to exchange the artifact for the actual protocol message. It enables SAML requestors and responders to communicate using an HTTP user agent as an intermediary. This setting is used when it is not preferable to expose the message content to the intermediary. HTTP artifact is sometimes called browser artifact, particularly when used in single sign-on operations. The HTTP artifact uses a SOAP back channel. The SOAP back channel is used to exchange an artifact during the establishment and use of a trusted session between an identity provider, a service provider, and a client (browser).

SOAP
    Binding that uses Simple Object Access Protocol (SOAP) for communication. To use SOAP binding, SAML requestors must have a direct communication path with SAML responders.
The bindings available to us depend on the profile we choose to use in the federation.
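How the HTTP redirect and HTTP POST bindings described above differ on the wire, as an added example that is not ISAM code: redirect messages are raw-DEFLATE compressed before base64 (per the SAML 2.0 bindings specification), POST messages are base64 only. The function names, the sample request, the idp.example.com URL and the size cap are assumptions made for illustration.

```python
import base64
import zlib
from urllib.parse import urlsplit, parse_qs, urlencode

MAX_XML = 1 << 20  # assumed cap on inflated size, guards against decompression bombs
SAML_PARAMS = ("SAMLRequest", "SAMLResponse")

# Constructed sample message, not taken from a real federation.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_constructed1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"/>'
)

def encode_redirect(xml: str, param: str = "SAMLRequest") -> str:
    """HTTP redirect: raw DEFLATE, then base64, then URL-encoded query parameter."""
    co = zlib.compressobj(wbits=-15)  # -15 selects raw DEFLATE (no zlib header)
    deflated = co.compress(xml.encode()) + co.flush()
    return urlencode({param: base64.b64encode(deflated).decode()})

def encode_post(xml: str, param: str = "SAMLResponse") -> str:
    """HTTP POST: base64 only, submitted as a form field by the browser."""
    return urlencode({param: base64.b64encode(xml.encode()).decode()})

def decode_message(data: str, binding: str) -> tuple[str, str]:
    """Return (parameter name, XML) from a redirect URL, a query string or a POST body."""
    if binding not in ("redirect", "post"):
        raise ValueError("binding must be 'redirect' or 'post'")
    fields = parse_qs(urlsplit(data).query or data)
    for name in SAML_PARAMS:
        if name not in fields:
            continue
        raw = base64.b64decode(fields[name][0], validate=True)
        if binding == "redirect":
            inflater = zlib.decompressobj(wbits=-15)
            raw = inflater.decompress(raw, MAX_XML)
            if not inflater.eof:  # stream did not finish within the cap
                raise ValueError("message truncated or larger than MAX_XML")
        return name, raw.decode()
    raise ValueError("no SAMLRequest or SAMLResponse parameter found")

if __name__ == "__main__":
    url = "https://idp.example.com/sso?RelayState=x&" + encode_redirect(SAMPLE_AUTHN_REQUEST)
    print(url)
    print(decode_message(url, "redirect"))
    print(decode_message(encode_post(SAMPLE_AUTHN_REQUEST), "post"))
```

Because both encodings are reversible without a key, anything that records the URL or form body (proxy logs, browser history) holds the full message content, which is the exposure the HTTP artifact binding avoids.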