I've successfully set up the sales-post examples on JBoss 7.1.1 and, after some classpath fixing, it worked. I call the sales-post webapp, I'm redirected to the IDP, I authenticate and I come back to sales-post with a SAML assertion.
As I understand it, in this example the SPPostFormAuthenticator passes the SAML assertion contained in the HTTP POST request to the SAML2LoginModule using some ThreadLocal "magic". This LoginModule then creates a SimplePrincipal.
However, I would prefer to have a SamlPrincipal, as is done in the STSIssuingLoginModule. My goal is to access the original SAML assertion as it was issued by the IDP in my application (e.g. an EJB).
explains how to set up something similar, but with the difference that the "end-user" authenticates with username/password. It seems that in this scenario the SAML assertion is passed from the web container to the EJB container.