When using SAML standalone mode for SP-initiated SSO using HTTP-POST, AM does not generate the expected AuthnRequest and instead sends the SAMLRequest (and other data) as query parameters in the same way HTTP-REDIRECT binding does. Federation log shows AM is using the HTTP-POST binding and does in fact submit the assertion using HTTP-POST but the initial authentication request doesn't behave as expected.
- Setup two AMs (SP and IDP)
- Make SPSSO call and specify HTTP-POST binding e.g. https://openam.example.com:8443/openam/saml2/jsp/spSSOInit.jsp?metaAlias=/sp&idpEntityID=https://idp.example.com:8445/openam&binding=urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
If AM is the SP, use the SAML module. Or use a different binding.