The key features of SAML v2 in OpenSSO Enterprise include:
Single sign-on using the POST profile, the Artifact binding (also referred to as HTTP redirect), and unsolicited responses (initiated by the identity provider)
Single logout using HTTP redirect and SOAP binding
Federation termination using HTTP redirect and SOAP binding
Auto-federation (automatic linking of service provider and identity provider user accounts based on a common attribute)
Bulk federation
Dynamic creation of user accounts
One-time federation (transient NameID format for SSO)
Basic Authentication, SSL and SSL with client authentication for SOAP binding security
SAML v2 authentication
Identity provider discovery
XML verification, signing, encryption and decryption
Profile initiation and processing using included JavaServer Pages™ (JSP™)
Load balancing support
IDP Proxy
Assertion failover
Enhanced Client or Proxy (ECP) support in SP and IDP
Assertion queries and requests
Attribute queries
New Name Identifier
Affiliation
Name Identifier Mapping
XACML profile for authorization (see XACML Service for more information)
Protocol coexistence with SAML v1.x and Liberty ID-FF
Additionally, OpenSSO Enterprise has received high scores and passed the Liberty Alliance Project interoperability tests for SAML v2. For more information, see the SAMLv2 support matrix on the Liberty Alliance Project web site.