SAML2 Double Artifact Binding


HTTP Artifact Binding can be used to transport any SAML protocol message. Both Identity Provider and Service Provider can support Artifact Resolution Service endpoints. The mechanism is termed as Double Artifact Binding when both the request and response are exchanged using HTTP Artifact binding . Using Double Artifact binding, only the artifacts are exposed to the browser.

Does Forgerock AM or IM support Double Artifact Binding?
From this article it looks like they don’t.
Could you please, confirm it or point me to the documentation that explains how to configure it?

AM’s SAML implementation only supports HTTP-Redirect and HTTP-POST bindings for SAML Authentication Requests, and PAOS binding for SAML ECP flows. It does not support Artifact resolution for Authentication Requests.

1 Like