I'm using SAML tokens to authenticate against a set of REST-ful services, by putting the SAML token in the
Authorization: Bearer <EncryptedAssertion ...
Authorization: Bearer PEVuY3J5cHRlZEFzc2VydGlvbiAuLi4=
Authorization: SAML PEVuY3J5cHRlZEFzc2VydGlvbiAuLi4=
The standard for custom auth schemes in HTTP is defined in the RFCs 2617 and 7235.
Authorization: scheme key="value", ...
I doubt there is a standard for your specific case, but I'd say this is acceptable:
Authorization: SAML bearer="PEVuY3J5cHRlZEFzc2VydGlvbiAuLi4="