SAML 2.0 bindings
SAML requestors and responders communicate by exchanging messages. The mechanism to transport these messages is called a SAML binding.
- HTTP redirect
- HTTP redirect enables SAML protocol messages to be transmitted within URL parameters. It enables SAML requestors and responders to communicate by using an HTTP user agent as an intermediary.
The intermediary might be necessary if the communicating entities do not have a direct path of communication. The intermediary might also be necessary if the responder requires interaction with a user agent, such as an authentication agent.
HTTP redirect is sometimes called browser redirect in single sign-on operations. This profile is selected by default.
- HTTP POST
- HTTP POST enables SAML protocol messages to be transmitted within an HTML form by using base64-encoded content. It enables SAML requestors and responders to communicate by using an HTTP user agent as an intermediary.
The intermediary might be necessary if the communicating entities do not have a direct path of communication. The intermediary might also be necessary if the responder requires interaction with a user agent, such as an authentication agent.
HTTP POST is sometimes called Browser POST, particularly when used in single sign-on operations. It uses a self-posting form during the establishment and use of a trusted session between an identity provider, a service provider, and a client (browser).
- HTTP artifact
- HTTP artifact is a binding in which a SAML request or response (or both) is transmitted by reference by using a unique identifier that is called an artifact.
A separate binding, such as a SOAP binding, is used to exchange the artifact for the actual protocol message. It enables SAML requestors and responders to communicate by using an HTTP user agent as an intermediary.
This binding is used when exposing the message content to the intermediary is not desirable.
HTTP artifact is sometimes called browser artifact, particularly when used in single sign-on operations. The HTTP artifact uses a SOAP back channel. The SOAP back channel is used to exchange an artifact during the establishment and use of a trusted session between an identity provider, a service provider, and a client (browser).
- SOAP
- SOAP is a binding that uses Simple Object Access Protocol (SOAP) for communication.
To use SOAP binding, SAML requestors must have a direct communication path with SAML responders.
The bindings that are available to you depend on the profile that you choose to use in your federation.
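
The following added example (not from the original page or its product) shows how the HTTP redirect and HTTP POST bindings described above carry a message, with a size-capped decoder for inspecting captured traffic. The raw DEFLATE step of the redirect binding comes from the SAML 2.0 bindings specification rather than this page; the endpoint URL, the sample message, and the MAX_XML_BYTES cap are assumptions.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

MAX_XML_BYTES = 64 * 1024  # assumed cap on a decoded message, not a SAML-defined limit

# Constructed sample message; every identifier and URL is a placeholder.
SAMPLE_AUTHN_REQUEST = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'ID="_constructed-id-1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">'
    b'<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    b"https://sp.example.test</saml:Issuer></samlp:AuthnRequest>"
)


def build_redirect_url(endpoint: str, xml: bytes, param: str = "SAMLRequest") -> str:
    """HTTP redirect: raw DEFLATE, then base64, then URL-encode into the query."""
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 selects raw DEFLATE
    packed = base64.b64encode(deflater.compress(xml) + deflater.flush())
    return endpoint + "?" + urlencode({param: packed.decode("ascii")})


def decode_redirect(url: str) -> bytes:
    """Recover the message carried in a redirect URL, enforcing the size cap."""
    params = parse_qs(urlsplit(url).query)
    values = params.get("SAMLRequest", []) + params.get("SAMLResponse", [])
    if len(values) != 1:
        raise ValueError("expected exactly one SAMLRequest or SAMLResponse")
    raw = base64.b64decode(values[0], validate=True)
    # Stop inflating one byte past the cap so a small input cannot expand unbounded.
    xml = zlib.decompressobj(-15).decompress(raw, MAX_XML_BYTES + 1)
    if len(xml) > MAX_XML_BYTES:
        raise ValueError("inflated message exceeds size cap")
    return xml


def decode_post(form_value: str) -> bytes:
    """HTTP POST: the form field is base64 only, with no compression step."""
    xml = base64.b64decode(form_value, validate=True)
    if len(xml) > MAX_XML_BYTES:
        raise ValueError("message exceeds size cap")
    return xml


if __name__ == "__main__":
    url = build_redirect_url("https://idp.example.test/sso", SAMPLE_AUTHN_REQUEST)
    print(url)
    print(decode_redirect(url).decode())
```

In both bindings the message passes through the browser in a form that is only encoded, not encrypted, which is why the artifact binding exists for cases where the content should not reach the intermediary.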