Issue

• Does JBoss PicketLink support the Web Browser SSO profile?
• If so, how can I configure it to use HTTP-Redirect from the SP to the IDP and HTTP-POST from the IDP to the SP?

• The SAML spec that discusses the Web Browser SSO profile is located here. Section 4.1.2 shows a sequence diagram for the web browswer sso profile. In the explanation of sequence diagram for web browser sso profile, I see the following:

  412 3. <AuthnRequest> issued by Service Provider to Identity Provider
  
  413 In step 3, the service provider issues an <AuthnRequest> message to be delivered by the user
  414 agent to the identity provider. Either the HTTP Redirect, HTTP POST, or HTTP Artifact binding
  415 can be used to transfer the message to the identity provider through the user agent.
  

  420 5. Identity Provider issues <Response> to Service Provider
  
  421 In step 5, the identity provider issues a <Response> message to be delivered by the user agent
  422 to the service provider. Either the HTTP POST, or HTTP Artifact binding can be used to transfer
  423 the message to the service provider through the user agent. The message may indicate an error,
  424 or will include (at least) an authentication assertion. The HTTP Redirect binding MUST NOT be
  425 used, as the response will typically exceed the URL length permitted by most user agents.
  

  This seems to indicate that for the web based sso profile, that the SP to IDP request can use either HTTP Redirect or HTTP Post. But the IDP should respond to the SP with a HTTP Post.