Currently i am using simplesamlphp and we have successfully implemented SSO, in which SAML request is sending through HTTP-REDIRECT and getting response through HTTP-POST.
Here my doubts are:
Can i send the authentication details(username&password) using HTTP-POST?
Is the simplesamlphp only for authentication or can i use for authorization purpose like oath for Facebook?
When you authenticate with simplesamlPHP, you get a SAML token which contains attributes, These attributes are what are used for authorisation. They can be derived from "a storage of users, a database, a LDAP or a radius interface".
Username can definitely be an attribute. However, password shouldn't be for security reasons.
In terms of authentication, it supports OpenID. For OAuth, I suspect you would have to roll your own authentication module.