The SAML2 Post Authentication Plugin (org.forgerock.openam.authentication.modules.saml2.SAML2PostAuthenticationPlugin) is an optional component which can be added to a chain which includes the SAML2 authentication module. It is responsible for configuring the session in such a way that it correctly responds to IdP-initiated single logout requests, and can additionally be configured to support SP-initiated single logout.
The SAML2 authentication module is a new addition to OpenAM13. It comprises three new components which work together along with OpenAM’s SAML2 implementation to provide integrated SAML2 authentication to a standard OpenAM authentication chain. There are some limitations on the use of the new module – it supports HTTP-Artifact and HTTP-POST bindings and HTTP-Redirect and HTTP-POST request bindings. The new components are:
- A new SAML2 authentication module
- A new assertion consumer endpoint
- A new post authentication plugin
- use the new assertion consumer endpoint.