12.11. Using SAML 2.0 Artifacts

By default, OpenAM transmits SAML messages by value, which makes the SAML messages accessible in the user agent. You can instead request that OpenAM transmit SAML messages by reference using SAML artifacts, which are small values that reference a SAML message. Providers then communicate directly with each other to resolve artifacts, rather than sending the messages through the user agent.

When initiating single sign-on, for example with idpSSOInit.jsp or spSSOInit.jsp, add binding=HTTP-Artifact to the list of query parameters. The following example works in an environment where the identity provider is www.idp.example and the service provider is www.sp.example. Both providers have deployed OpenAM on port 8080 under the deployment URI /openam.

http://www.sp.example:8080/openam/saml2/jsp/spSSOInit.jsp?
   idpEntityID=http%3A%2F%2Fwww.idp.example%3A8080%2Fopenam
   &metaAlias=/sp
   &binding=HTTP-Artifact
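
The following added example (not OpenAM code) builds the request above as a single URL and decodes a constructed artifact to show that it carries only a reference to the message. It assumes the type 0x0004 artifact layout from the SAML 2.0 Bindings specification (2-byte type code, 2-byte endpoint index, 20-byte SHA-1 of the issuer entity ID, 20-byte message handle), delivered in the standard SAMLart parameter; the function names and the sample handle are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

IDP_ENTITY_ID = "http://www.idp.example:8080/openam"  # identity provider from the page
SP_BASE = "http://www.sp.example:8080/openam"         # service provider from the page


def sp_sso_init_url(binding="HTTP-Artifact"):
    """Build the spSSOInit.jsp request as one percent-encoded URL."""
    query = "&".join([
        "idpEntityID=" + quote(IDP_ENTITY_ID, safe=""),
        "metaAlias=/sp",
        "binding=" + quote(binding, safe=""),
    ])
    return f"{SP_BASE}/saml2/jsp/spSSOInit.jsp?{query}"


def make_artifact(issuer, endpoint_index, handle):
    """Encode a type 0x0004 artifact (used here for constructed sample data only)."""
    source_id = hashlib.sha1(issuer.encode()).digest()  # 20-byte SourceID
    return base64.b64encode(
        struct.pack(">HH", 0x0004, endpoint_index) + source_id + handle
    ).decode()


def parse_artifact(samlart, expected_issuer):
    """Decode a SAMLart value and check which provider it points back to."""
    raw = base64.b64decode(samlart, validate=True)
    if len(raw) != 44:
        raise ValueError("type 0x0004 artifact must be 44 bytes")
    type_code, endpoint_index = struct.unpack(">HH", raw[:4])
    if type_code != 0x0004:
        raise ValueError(f"unsupported artifact type {type_code:#06x}")
    expected = hashlib.sha1(expected_issuer.encode()).digest()
    return {
        "endpoint_index": endpoint_index,
        "issuer_matches": hmac.compare_digest(raw[4:24], expected),
        "message_handle": raw[24:44].hex(),
    }


if __name__ == "__main__":
    print(sp_sso_init_url())
    sample = make_artifact(IDP_ENTITY_ID, 0, bytes(range(20)))  # constructed handle
    print(len(sample), "base64 characters; no assertion content inside")
    print(parse_artifact(sample, IDP_ENTITY_ID))
```

A receiving provider should reject an artifact whose SourceID does not match a trusted issuer before attempting to resolve it.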