The requirement is that the EntityId is a URI (not URL, in this case the difference between URIs and URLs is important). See “8.3.6 Entity Identifier” in the SAML2 Core spec. From SAML 2.0 Specification : 8.3.6 Entity Identifier URI: urn:oasis:names:tc:SAML:2.0:nameid-format:entity Indicates that the content of the element is the identifier of an entity that … Read more
Typically, the intent of the artifact binding is to reduce the flow of SAML messages through the browser itself. This could be due to browser restrictions (browsers that have limits on query string / POST payload size) or no support for JavaScript (for auto-submitted forms), or even to improve the security model of how the … Read more
Both SAML and JWT are security token formats that are not dependent on any programming language. SAML is the older format and is based on XML. It’s used commonly in protocols like SAML-P, WS-Trust and WS-Federation (although not strictly required). JWT (JSON Web Token) tokens are based on JSON and used in new authentication and … Read more