How is SAML SSO typically implemented?
I've read this about using SAML with Google Apps, and the wikipedia entry on SAML.
The wikipedia entry talks about responding with forms containing details of the SAMLRequest and SAMLResponse. Does this mean that the user has to physically submit the form in order to proceed with the single sign on?
The google entry talks about using redirects, which seems more seemless to me. However, it also talks about using a form for the response which the user must submit (although it does talk about using JavaScript to automatically submit the form).
Is this the standard way of doing this? Using redirects and JavaScript for form submission?
Does anyone know of any other good resources about how to go about implementing SSO between a Windows Domain and a J2EE web application. The web application is on a separate network/domain. My client wants to use CA Siteminder (with SAML).