Thanks to nobby and Sanjeev, I recently applied this to a similar case, and it set me on the right track.
Being very new to the SAML2 Spring security extension, I had to work a bit to apply WebSSOProfileOptions. Essentially, to get the HTTP-POST binding in a SAML verification request, you need the profile parameters passed to the org.springframework.security.saml.websso.WebSSOProfileImpl#sendAuthenticationRequest() method.
For our configuration, which is very similar to the configuration in the Spring RC2 sample project, this meant passing the WebSSOProfileOptions bean as described in Sanjeev's solution for the samlEntryPoint.defaultProfileOptions property (or adding a binding property to it).
The problem is that this did not cause AuthnRequest to dial the binding property as set. In our case, SAML metadata pointed isDefault=true to the HTTP-Artifact AssertionConsumerService link. And in our RC2 version of Spring SAML2, the RC2 library is the default behavior of org.springframework.security.saml.metadata.MetadataGenerator.
This can be overridden by setting the assertionConsumerIndex property in the MetadataGenerator. In our case, the HTTP Post post user is set to index 1.
<bean id="metadataGeneratorFilter" class="org.springframework.security.saml.metadata.MetadataGeneratorFilter">
    <constructor-arg>
        <bean class="org.springframework.security.saml.metadata.MetadataGenerator">
            <property name="assertionConsumerIndex" value="1" />
        </bean>
    </constructor-arg>
</bean>
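A way to check which AssertionConsumerService the SP metadata marks as default, and which index belongs to HTTP-POST, before choosing the assertionConsumerIndex value. This is an added example, not part of the answer above or of Spring SAML; the metadata document, entityID and URLs are constructed placeholders, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed SP metadata (entityID and URLs are placeholders), shaped like the
# case in the answer: the HTTP-Artifact endpoint carries isDefault="true".
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.test/saml">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
        Location="https://sp.example.test/saml/SSO"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/SSO"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def list_acs(metadata_xml):
    """Return (index, binding, isDefault) per endpoint; isDefault is True, False or None."""
    root = ET.fromstring(metadata_xml)
    out = []
    for el in root.iter("{%s}AssertionConsumerService" % MD_NS):
        flag = el.get("isDefault")
        is_default = None if flag is None else flag.strip() in ("true", "1")
        out.append((int(el.get("index")), el.get("Binding"), is_default))
    return out

def default_acs(endpoints):
    """SAML metadata rule: first isDefault=true, else first without isDefault, else first."""
    for want in (True, None):
        for ep in endpoints:
            if ep[2] is want:
                return ep
    return endpoints[0] if endpoints else None

def index_for_binding(endpoints, binding):
    """Index of the first endpoint using the given binding, or None if absent."""
    for index, b, _ in endpoints:
        if b == binding:
            return index
    return None

if __name__ == "__main__":
    eps = list_acs(SAMPLE_METADATA)
    print("default ACS:", default_acs(eps))
    print("assertionConsumerIndex for HTTP-POST:", index_for_binding(eps, HTTP_POST))
```

Run it against the SP's own generated metadata again after changing assertionConsumerIndex to confirm that the default has moved to the HTTP-POST endpoint.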