Are you talking about Guvnor, jBPM-Console or jBPM framework?
- Guvnor: should support through PicketLink -> I have never test it.
- jBPM-Console -> AFAIK, no
- jBPM -> is a low-level framework, so this question doesn't apply here.
Thanks for the reply.. But does jBPM solution has SAML(Security Assertion Mark-up Language) support ?
SAML functionality can be provided though a JAAS Login Module - in the case of SAML this module is provided by the PicketLink project implementation. I.e. I can configure a containers security poricipal authentication policy to use a SAML provider but this should be totally transparent to JBPM. A better question to ask is if JBPM fully utilises the configured authentication application policy of the underlying container.
Once again, your question without a context, an use case, or an scenario doesn't make any sense. from the business process perspective SAML doesn't even care.
JBPM itself is not a web page to be able to use security. It within your application that you use jbpm in that should handle security. The process and rules repository is called guvnor and its separate application with security but its for managing resources and not for your application normal user, only for ppl like admins or management. JBPM-console is sample implementation of application which uses jbpm5.2 engine for running processes and it has its own security, but its just sample application to get you started or test/show capabilities of jbpm engine.
read the user guilde: http://docs.jboss.org/jbpm/v5.2/userguide/
which is a very good way to know general functionalities and capabilities of jbpm