Stan_Ward
Nov 14, 2017

SSO Client-initiated forms using GET instead of PUT

I'm trying to understand the SSL data flow for a web app that uses client-initiated forms vs regular forms (because I can't get it to work).

After APM login, an app login page is presented to the client, who enters a username and password, and clicks a Logon button. The app jscript on the page then issues a GET with the username and password as parameters.

Login page: /login/login.html

Forms items:

_txt-username (session.sso.token.last.username)
_txt-password (session.sso.token.last.password)

Submit action from client:

GET /login/submit.html&username=USER1&password=PASS (the form fields are not sent)

I tried to do this with a regular SSO form and GET. SSO URI matched, the GET was built correctly, and the app responded with the appropriate message for a successful login (it also appended the two forms items as parameters, but no harm that I can see). But the jscript in the browser doesn't seem to know that Login has been pressed, and hangs.

Then I tried using a client-initiated SSO form and GET, and I got the same net result.

So, under what circumstances is APM looking at requests vs. responses for URI match? And how does the action of client initiated differ from regular forms-based SSO? Does GET vs. POST alter this flow? The documentation doesn't talk about GET vs. POST at all, or how the two modes vary (v12.1.2).

Cheers!
