The HTTP-POST binding is used to deliver an identity provider's response to a request from a service provider. To configure the POST binding, the following tags must be present in the identity provider's standard metadata.
<IDPSSODescriptor WantAuthnRequestsSigned="false"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  ...
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://isdev-3.red.com:58080/fam/IDPSloPOST/metaAlias/idp"
      ResponseLocation="http://isdev-3.red.com:58080/opensso/IDPSloPOST/metaAlias/idp"/>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://isdev-3.red.iplanet.com:58080/opensso/SSOPOST/metaAlias/idp"/>
</IDPSSODescriptor>
On the service provider side, the standard metadata must include the following tags.
<SPSSODescriptor AuthnRequestsSigned="false" WantAssertionsSigned="false"
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  ...
  <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="http://mach1.red.com:58080/opensso/SPSloPOST/metaAlias/sp"
      ResponseLocation="http://mach1.red.com:58080/opensso/SPSloPOST/metaAlias/sp"/>
</SPSSODescriptor>
idpSSOInit.jsp, spSSOInit.jsp, spSingleLogoutInit.jsp and idpSingleLogoutInit.jsp initiate single sign-on or single logout using the binding passed in the binding request parameter. Supported values are urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect and urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST. An example URL for service provider initiated single logout over the POST binding might be http://mach1.red.com:58080/opensso/saml2/jsp/spSingleLogoutInit.jsp?metaAlias=/sp&idpEntityID=isdev-3.red.com&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
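As an added example (not code from the original documentation or from the OpenSSO product), the following Python script parses constructed identity provider and service provider metadata modelled on the fragments above, reports which HTTP-POST endpoints each role advertises, flags the WantAuthnRequestsSigned, AuthnRequestsSigned and WantAssertionsSigned attributes when they are not "true" (both fragments above set them to "false", which means the peer's requests and assertions are not required to be signed), and builds the spSingleLogoutInit.jsp URL with its query parameters URL-encoded rather than pasted in raw as in the example URL. The function names, the SP Redirect endpoint path and the service provider entity ID are assumptions.

```python
"""Check SAML 2.0 metadata for HTTP-POST binding endpoints and build an
spSingleLogoutInit.jsp URL.

Added example, not code from the original documentation or from OpenSSO.
The metadata documents below are constructed to mirror the fragments in the
text; the SP entity ID and its Redirect endpoint path are assumptions.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
SUPPORTED_BINDINGS = {HTTP_POST, HTTP_REDIRECT}

# Role -> (descriptor element, services that must offer HTTP-POST,
#          signing attributes that should be "true")
ROLES = {
    "idp": ("IDPSSODescriptor",
            ["SingleLogoutService", "SingleSignOnService"],
            ["WantAuthnRequestsSigned"]),
    "sp": ("SPSSODescriptor",
           ["SingleLogoutService"],
           ["AuthnRequestsSigned", "WantAssertionsSigned"]),
}

# Constructed IdP metadata modelled on the first fragment: POST endpoints
# present, but WantAuthnRequestsSigned left at "false".
IDP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="isdev-3.red.com">
  <IDPSSODescriptor WantAuthnRequestsSigned="false"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://isdev-3.red.com:58080/opensso/IDPSloPOST/metaAlias/idp"
        ResponseLocation="http://isdev-3.red.com:58080/opensso/IDPSloPOST/metaAlias/idp"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://isdev-3.red.com:58080/opensso/SSOPOST/metaAlias/idp"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed SP metadata that advertises only a Redirect SLO endpoint
# (entity ID and endpoint path are assumptions), so the POST check fails.
SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="mach1.red.com">
  <SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="http://mach1.red.com:58080/opensso/SPSloRedirect/metaAlias/sp"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def _descriptor(metadata_xml, role):
    """Locate the role descriptor element inside an EntityDescriptor."""
    root = ET.fromstring(metadata_xml)
    return root.find(f"md:{ROLES[role][0]}", NS)


def post_endpoints(metadata_xml, role):
    """Map each checked service to the Location of its HTTP-POST endpoint."""
    desc = _descriptor(metadata_xml, role)
    found = {}
    if desc is None:
        return found
    for service in ROLES[role][1]:
        for el in desc.iterfind(f"md:{service}", NS):
            if el.get("Binding") == HTTP_POST:
                found[service] = el.get("Location")
    return found


def check_post_binding(metadata_xml, role):
    """Return a list of findings; an empty list means the metadata advertises
    POST endpoints for every checked service and requires signed messages."""
    descriptor, services, flags = ROLES[role]
    desc = _descriptor(metadata_xml, role)
    if desc is None:
        return [f"missing {descriptor}"]
    findings = []
    for service in services:
        bindings = {el.get("Binding") for el in desc.iterfind(f"md:{service}", NS)}
        if HTTP_POST not in bindings:
            findings.append(f"{service}: no HTTP-POST endpoint")
        for binding in sorted(bindings - SUPPORTED_BINDINGS):
            findings.append(f"{service}: unsupported binding {binding}")
    for flag in flags:
        # Absent attribute defaults to "false" in the SAML metadata schema.
        if desc.get(flag, "false").lower() != "true":
            findings.append(f"{flag} is not true")
    return findings


def sp_slo_init_url(base_url, meta_alias, idp_entity_id, binding):
    """Build the spSingleLogoutInit.jsp URL with URL-encoded parameters."""
    if binding not in SUPPORTED_BINDINGS:
        raise ValueError(f"unsupported binding: {binding}")
    query = urlencode({"metaAlias": meta_alias,
                       "idpEntityID": idp_entity_id,
                       "binding": binding})
    return f"{base_url}/saml2/jsp/spSingleLogoutInit.jsp?{query}"


if __name__ == "__main__":
    for role, doc in (("idp", IDP_METADATA), ("sp", SP_METADATA)):
        print(role, post_endpoints(doc, role), check_post_binding(doc, role))
    print(sp_slo_init_url("http://mach1.red.com:58080/opensso", "/sp",
                          "isdev-3.red.com", HTTP_POST))
```

Running the script against real exported metadata is a quick way to confirm that both sides advertise the POST endpoints this page requires before pointing spSingleLogoutInit.jsp at them with binding=HTTP-POST; the signing-flag findings are the setting a practitioner would normally want to revisit before deploying the fragments above as-is.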