3 Replies Latest reply on Sep 30, 2010 12:04 PM by marcelkolsteren

    SOAP binding protocol in picketlink seam ServiceProvider

    trygvei

      My IDP requires usage of the soap binding protocol for AssertionConsumerService and SingleLogoutService. I can't find any support for this in picketlink.

      First: Am I right, or did I miss it somewhere?

      If it is missing: Is it any particular reason it isn't here?

      Does anyone have any input on how this should be implemented?

      I have thought of adding it to the MetaDataService, and adding handling of soap in ExternalAuthenticationFilter and SamlMessageReceiver. Does this sound like an approach that should work, or is a more full-blown soap framework needed?

        • 1. Re: SOAP binding protocol in picketlink seam ServiceProvider
          marcelkolsteren

          You're completely right about the lack of SOAP binding support in the PicketLink Seam module. Another binding that is not supported, by the way, is the HTTP Artifact binding. Just because no one asked for it :-).


          The PicketLink Seam module implements two SAMLv2 profiles: the Web Browser SSO Profile and the Single Logout Profile (sections 4.1 and 4.4 of the SAMLv2 Profiles specification). According to the specification, the Web Browser SSO Profile can only be used with "front channel" bindings: HTTP Redirect, HTTP POST and HTTP Artifact. In the specification of the Single Logout Profile, the SOAP binding is mentioned as an allowed back channel binding, but there is a very strong bias on the front channel bindings there. That bias has to do with the fact that sessions are often maintained with browser cookies, which implies that you need the browser (user agent) to logout the user from all applications.


          I wonder what IDP you're using, and where the SOAP binding requirement exactly comes from. I don't see possibilities of implementing that binding, because the specification doesn't describe it (at least not for the sign on part).


          So, maybe you're referring to a whole other set of standards/specifications? Maybe WS-Trust or WS-Federation or another WS-* standard? In that case, your question is out of scope for the current PicketLink Seam module. The PicketLink Seam module targets web applications, not web services or web service clients. There are some other parts of PicketLink (not led by me) that focus more on web services, but they have no explicit Seam support.
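The binding mismatch discussed in this reply (an IdP that publishes SOAP for logout and Artifact for sign-on, against an SP that only speaks the HTTP-Redirect and HTTP-POST front-channel bindings) can be spotted from the IdP metadata before any connection attempt. This is an added example, not PicketLink code; the metadata document is constructed for illustration and the supported-binding set is an assumption taken from the reply above.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"

# Assumption from the thread: the PicketLink Seam module implements only the
# front-channel HTTP-Redirect and HTTP-POST bindings.
SP_SUPPORTED_BINDINGS = {BINDING + "HTTP-Redirect", BINDING + "HTTP-POST"}

# Constructed IdP metadata mirroring the situation in the question:
# logout is offered only over the SOAP back channel, sign-on over Redirect and Artifact.
SAMPLE_IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{MD_NS}" entityID="https://idp.example.test/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleLogoutService Binding="{BINDING}SOAP" Location="https://idp.example.test/slo/soap"/>
    <md:SingleSignOnService Binding="{BINDING}HTTP-Redirect" Location="https://idp.example.test/sso/redirect"/>
    <md:SingleSignOnService Binding="{BINDING}HTTP-Artifact" Location="https://idp.example.test/sso/artifact"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

ENDPOINT_TYPES = ("SingleSignOnService", "SingleLogoutService")


def endpoint_bindings(metadata_xml: str) -> dict:
    """Map each IdP endpoint type to the set of binding URIs the IdP publishes for it."""
    root = ET.fromstring(metadata_xml)
    return {
        tag: {el.get("Binding") for el in root.iter(f"{{{MD_NS}}}{tag}")}
        for tag in ENDPOINT_TYPES
    }


def usable_bindings(metadata_xml: str, supported=frozenset(SP_SUPPORTED_BINDINGS)) -> dict:
    """Per endpoint type, the bindings both sides can use (empty set means no common binding)."""
    return {tag: offered & supported for tag, offered in endpoint_bindings(metadata_xml).items()}


def blocked_endpoints(metadata_xml: str, supported=frozenset(SP_SUPPORTED_BINDINGS)) -> list:
    """Endpoint types that cannot be negotiated at all with this SP; these need an IdP-side change."""
    return [tag for tag, common in usable_bindings(metadata_xml, supported).items() if not common]


if __name__ == "__main__":
    for tag, offered in endpoint_bindings(SAMPLE_IDP_METADATA).items():
        print(tag, sorted(b.rsplit(":", 1)[1] for b in offered))
    print("blocked:", blocked_endpoints(SAMPLE_IDP_METADATA))
```

Run against the real IdP metadata, an empty result from `blocked_endpoints` means every profile has at least one binding the SP can actually use; the Artifact entry for sign-on is simply ignored as long as Redirect is also offered.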

          • 2. Re: SOAP binding protocol in picketlink seam ServiceProvider
            trygvei

            My IDP is referring to the Web Browser SSO Profile and the Single Logout Profile. I haven't tried connecting yet, because my metafiles were missing the SOAP binding for the back-channel SLO. I know that they are using OpenSSO/OpenAM as their IDP software, so I will play around with a local OpenAM install to find out how it is working.

            Regarding the SSO profile, it seems like they are implementing the pattern described in lines 490 to 492 in http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf, so it seems I'm needing the artifact binding as well :-(

            I'm starting to understand that I'm out of luck here ...


            Trygve

            • 3. Re: SOAP binding protocol in picketlink seam ServiceProvider
              marcelkolsteren

              I wrote two articles about using PicketLink with OpenSSO based IDPs. Maybe they can help you when testing with OpenAM:


              External authentication example using OpenSSO

              External authentication example using SSOCircle


              OpenSSO itself doesn't require a SOAP back-channel binding, so requiring it has probably been a choice of the organisation that runs your IDP.