The key features of the SAML v2 Plug-in for Federation Services include:
Interoperability with the following Sun Microsystems' server products:
Access Manager 7 2005Q4
Federation Manager 7.0
The SAML v2 Plug-in for Federation Services supports all web containers and platforms used by these products.
Single sign-on using the POST profile, the Artifact binding (also referred to as HTTP redirect), and unsolicited responses (initiated by the identity provider).
Single logout using HTTP redirect and SOAP binding.
Federation termination using HTTP redirect and SOAP binding.
Auto-federation (automatic linking of service provider and identity provider user accounts based on a common attribute).
Supports one-time federation (transient NameID format in SSO).
Service provider interfaces (SPI) for the following:
Account mapping (map between the account referred to in the incoming request and the local user account).
Attribute mapping (specifies which set of user attributes in an identity provider user account needs to be included in an assertion, and maps the attributes included in an assertion by the identity provider to attributes in the user account defined by the service provider).
Authentication context mapping (map between Authentication Contexts defined in the SAML v2 specifications and authentication framework schemes defined in Access Manager and Federation Manager (user/module/service/role/level-based authentication)).
Supports Basic Authentication, SSL and SSL with client authentication for SOAP Binding.
SAML v2 authentication module.
Support for the identity provider Discovery Protocol as the SAML v2 IDP Discovery Service.
Supports SAML v2 Circle of Trust.
A SAML v2 software development kit (SDK).
XML verification, signing, encryption and decryption.
JavaServer Pages™ (JSP™) for profile initiation and processing.
Support for load balancing.
Pre-deployment of sample.
Protocol coexistence with the SAML v1.x and the Liberty Alliance Project's Identity Federation Framework (Liberty ID-FF).
Although the SAML v2 and SAML v1.x specifications can coexist, they are not interoperable.