Overview#
SAML Bindings is a mapping of a
SAML protocol message onto standard messaging formats and/or communications
protocols. For example, the
SAML SOAP binding specifies how a
SAML message is encapsulated in a
SOAP envelope, which itself is
bound to an
HTTP message.
SAML 1.1 specifies just one binding, the
SAML SOAP Binding. In addition to SOAP, implicit in SAML 1.1 Web Browser SSO are the precursors of the HTTP POST Binding, the HTTP Redirect Binding, and the HTTP Artifact Binding. These are not defined explicitly, however, and are only used in conjunction with SAML 1.1 Web Browser SSO. The notion of
binding is not fully developed until
SAML V2.0.
SAML 2.0 completely separates the binding concept from the underlying profile. In fact, there is a brand new binding specification in SAML 2.0 that defines the following standalone bindings:
This reorganization provides tremendous flexibility: taking just Web Browser SSO alone as an example, a service provider can choose from four bindings (HTTP Redirect, HTTP POST and two flavors of HTTP Artifact), while the identity provider has three binding options (HTTP POST plus two forms of HTTP Artifact), for a total of twelve (12) possible deployments of the SAML 2.0 Web Browser SSO Profile.
There might be more information for this subject on one of the following: