Client-side Support for SAML Artifact Binding

You can use HTTP artifact binding for instances where the SAML requester and responder need to communicate with each other using an HTTP user agent as an intermediary, but it's limitations preclude or discourage the transmission of an entire message (or message exchange) through it. This may be due to some technical reasons or the reluctance to expose the message content to the intermediary (where encryption is not practical).

In the HTTP artifact binding, the SAML request, the SAML response, or both are transmitted by reference using a small stand-in called an artifact. A separate, synchronous binding, such as the SAML SOAP binding, is used to exchange the artifact for the actual protocol message using the artifact resolution protocol. When using the HTTP artifact binding for the SAML <Response> message, SAML permits the artifact to be delivered via the browser using either an HTTP POST or HTTP Redirect response. 

About SAML Artifact

SAML artifact is a short, opaque string which will have the ability of an artifact receiver to identify the issuer of the artifact, resistance to tampering and forgery, uniqueness, and compactness. 

The format of a SAML artifact is shown below:

Open

Once the service provider has the artifact, it contacts the IdP's artifact resolution service using the synchronous SOAP binding to obtain the SAML message that corresponds to the artifact.

Following diagram shows the process of the SAML artifact binding:

Open

1. Log in to the management console.

2. Click Add under Identity Providers on the Main tab and give a name for the Identity Provider.

3. Click Federated Authenticators. 

4. Expand SAML Web SSO Configuration and configure the following:
   

   
   The table below gives descriptions about each of the above configuration parameters: