The Shibboleth V1 software has reached its End of Life and is no longer supported. This documentation is available for historical purposes only.

BrowserPOST

The Browser/POST SSO profile of SAML 1.1 (see resources) is supported by all versions of Shibboleth, and is the default SSO profile used in most Shibboleth deployments.

In this profile, the !IdP sends the authentication assertion to the SP by encoding it as form data in an HTML form sent to the user's browser. Javascript included in the HTML page normally allows this form to be automatically submitted as an HTTP POST to the SP's assertion consumer service.

Because the authentication assertion passes through the user's browser in the clear, in privacy sensitive environments it is not usual for attributes to be included (so-called AttributePush). Instead, the SP performs an attribute query to the !IdP's attribute authority over an SSL-protected channel to acquire the subject's attributes.

Compare BrowserArtifact.