Background

PicketLink IDP supports SAML2 SP-Initiated SSO and SAML 1.1 IDP-Initiated SSO.  There is a requirement to support SAML2 IDP-Initiated SSO.

Design

Right now, in the absence of SAML2 request/response, the IDP moves to a SAML 1.1 workflow as described in https://docs.jboss.org/author/display/PLINK/SAML+v1.1

A change would be to make it configurable at the IDP to use SAML2 IDP initiated workflow in the absence of SAML2 request/response payload.

References

http://saml.xml.org/wiki/idp-initiated-single-sign-on-post-binding

Final Decision

https://issues.jboss.org/browse/PLINK-364

Available in 2.6.0.CR1 and later.

Targeted for PicketLink v2.6.0.Final