SAML-based products and services

SAML is a set of specifications that ENCOMPASSES the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This document provides an overview about products and services that implement SAML 2.0 key actors like Identity providers or components to enable services to be SAML-enabled.

Products that provide SAML actors

SAML actors are Identity Providers (IdP), Service Providers (SP), Discovery Services, Enhanced Client or Proxy (ECP), Metadata services, etc. This table shows the capability of products according to Kantara Initiative testing.[1][2] Claimed capabilities are in column "other". Each mark denotes that at least one interoperability test was passed. Detailed results with product and test procedure versions are available at the Kantara/Liberty site given below.

NOTE: This table represents a snapshot over time roll up of the most recent product test results (multiple testing rounds). Please note that some products features and abilities may have been updated since they were last tested. Please check the website information of the originating product for the latest features and updates.

Product Name Project/Vendor License Kantara-certified Interoperability Other Features
IdP IdP Light SP SP Light eGov 1.5 Attr Auth Resp. POST Bind. Roles Protocols
10Duke Identity Provider[3] 10DukeCommercialIdP, SP, FederationSAML 1.0, SAML 2.0, OpenID, LDAP
adAS[4] PRiSEOSSXXXXXXXIdP, SP, FederationWS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Google, Microsoft365, Facebook, Kerberos, LDAP
ADFS 1.xMicrosoftCommercialXXXIdPWS-Federation, WS-Trust, SAML 1.0
ADFS 2.0MicrosoftCommercialXXXIdPWS-Federation, WS-Trust, SAML 1.1/2.0
ADFS 2.1MicrosoftCommercialXXXIdPWS-Federation, WS-Trust, SAML 2.0
ADFS 3.0MicrosoftCommercialXXXIdPWS-Federation, WS-Trust, SAML 2.0, OAuth2
ADFS 4.0MicrosoftCommercialXXXIdPWS-Federation, WS-Trust, SAML 2.0, OAuth2, OpenID Connect
Asimba[5]Asimba.orgOSSIdP(Fork of OpenASelect)
AssureBridge SAMLConnect[6]AssureBridgeCommercialXXXXIdP, SPSAML 1.1, SAML 2.0, OpenID, WS-Federation,
Authentic2[7]EntrouvertOSSIdP, SPOpenID 1&2, CAS 1&2, OAuth2, LDAP 2&3, PAM, RADIUS, OATH, Kerberos, X509
Bitium[8]BitiumCommercialIdP, SPSAML, SAML 2.0
CA Federation Manager[9]CACommercialXXXWS-Federation
Centrify DirectControlCentrifyCommercialBroker SAML, OpenID, OAuth, WS-*, LDAP, Kerberos
Citrix Open Cloud[10]CitrixCommercialSSO Middleware
Cloud Identity ManagerMcAfeeCommercialBroker SAML 2, OpenID, OAuth, XACML, LDAP v3, JM
Cloud Federation Service[11]Radiant LogicCommercialIdP, SPSAML 2.0, WS-Federation, OAuth 2.0, OpenID
Cloudseal[12]CloudsealSaaSIdP, SP
Comfact IDP[13]ComfactCommercialIdP-
Connectis[14]ConnectisCommercialIdP, SP
Corto project homeGÉANTOSSBroker
Dot Net Workflow[15]The Dot Net FactoryCommercialXXIdP,SP WS*-, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN)
DirX Access[16]Atos/SiemensCommercialXXX
DualShield[17]Deepnet SecurityCommercialXXXXIdPSAML 2.0
Elastic SSO Team[18]9STARCommercialXXXXIdPSAML 2.0 SAML 1.1
Elastic SSO Enterprise[19]9STARCommercialXXXXIdPSAML 2.0 SAML 1.1
ESOEQueensland University of TechnologyOSSIdp, Sp
Entrust GetAccess[20]EntrustCommercialXXXXXXXIdP, SPSAML 1.0, SAML 1.1, SAML 2.0
Entrust IdentityGuard[21]EntrustCommercialXXXXXXIdPSAML 2.0, OpenID
EIC[22]EricssonCommercialX
EmpowerID[23]The Dot Net FactoryCommercialIdP,SP WS*-, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN)
Evidian Web Access ManagerEvidianCommercialXXXXXXIdP, SP, FederationSAML 1.1, SAML 2.0, OpenID Connect, CAS 1&2, OAuth2, LDAP v3, RADIUS, OATH, Kerberos, X509, Microsoft365, Google, Multi-factor, SSO, extended integration functionalities
BIG-IP Access Policy ManagerF5 Networks CommercialIdP, SP, BrokerSAML 2.0
Fluig Identity TOTVS Commercial IdP, SP SAML 2.0
Fugen Cloud ID BrokerFugen Solutions CommercialBrokerSAML 1.1, SAML 2.0, WS-Federation, WS-Trust, OpenID, and OAuth
GlobalSign SSO GMO GlobalSign CommercialXXXXXECP, DiscoverySAML 2.0, ETSI MSS 102 204, TUPAS, WS-Federation, OpenID
Gluu Server[24]GluuOSSXXSAML OpenID Connect IdP, UMA PDPOpenID Connect, UMA, RADIUS, LDAP
Horizon App Manager[25]VMwareCommercialXXXXX
HP IceWall SSO[26]HPCommercialSP SAML 2
ILANTUS Sign On Express[27]IlantusCommercialIdP, SP SAML 2
Intel Cloud SSO[28]IntelCommercialIdP, SP SAML 2, OpenID, OAuth
Ilex Sign&go[29] ILEXCommercialXXXXXXXIdP, SP, FederationWS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Shibboleth, CAS, Google, Microsoft365, Facebook, Kerberos, LDAP
iSAML[30]AvocoCommercialIdP SAML 2, WS-Trust, OpenID
iWelcome[31]iWelcomeCommercialXXXXXXXIdP SAML 2, SAML 1.0, WS-Trust, Kerberos, OAuth2, Facebook, google, includes provisioning from-to on-Prem, AD, Multi-factor, extended integration functionalities
JOSSO (Community Ed.)[32]josso.orgOSSXIdP,SPSAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1
JOSSO (Enterprise Ed.)[33]AtricoreCommercialXIdP,SPSAML2, WS-Fed, OpenID Connect, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1
Juniper SSL VPN[34]Juniper NetworksCommercialIdP, SP
Kanban Tool[35]Shore LabsSaaSSP SAML 2.0
Keycloak JBoss OSSIdP Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, Open ID Connect, JSON Web Token (JWT) and SAML 2.0 specifications[36]
Layer 7[37]SecureSpan GatewayCommercialXXPDP/PEPOAuth2, SAML 1.1, SAML2, ABAC, OpenID Connect, XML Firewall
Larpe[38]EntrouvertOSSXXSAML Reverse ProxyOpenID, CAS, OAuth
LemonLDAP::NG[39]LemonLDAP::NGOSSIdP, SPSSO, WS-Federation, CAS, OpenID-Connect, SAML-2, Twitter, Protocol proxy
NetIQ Access Manager[40]NetIQ (formerly Novell)CommercialXXXXXXXIdP, SPWS-Security, WS-Federation, WS-Trust, SAML 1.1 / 2.0, Liberty, Single Sign-on, RBAC, CardSpace, OAuth, OpenID, STS. Includes integration with cloud and social media providers (Office 365, Windows Live (MSN), Google, Facebook, etc.)
NetWeaver Appserver[41]SAPCommercial(pending)CAS, OpenId, Twitter
OneGate[42] MobilityGuard Commercial X X X X X X X IdP, SP SAML 1.1, SAML 2.0
OpenAM[43]ForgeRock (ex. Sun)OSSXXXXXXXECP, IdP ProxyOpenID Connect, OAuth2, SAML 2.0, SAML 1.1, WS-Federation, WS-Trust, XACML, Liberty, Kerberos, Facebook, Google, Windows Live (MSN)
Okta[44]OktaCommercialIdP, SP
OneLogin[45]OneLoginCommercialIdP, SPSAML, WS-Federation, Kerberos, OAuth, OpenID
OpenAthens LA[46]eduservCommercialIdP
OpenAthens SP[47]eduservCommercialSP
Open Select[48]OpenASelect.orgOSSIdPOAuth (project continues as asimba)
OpenOTP/TiQR SAML IdP[49]RCDevsFreeXXIdPSAML 2.0, OpenID 1.1/2.0, RADIUS, LDAP
Optimal IdM VIS Federation Services[50]Optimal IdMCommercialXXXIdP, SP, Broker, SSOWS-Federation, WS-Trust, SAML 1.x, SAML 2.0, OpenID 2.0, Kerberos, LDAP, Office 365, RADIUS, OAUTH, multi-factor
Oracle Identity Federation 11g[51]OracleCommercialXXXIdP, SPWS-Federation, SAML 1.x, SAML 2.0, OpenID 2.0
Pega 7 Platform[52]Pegasystems Inc.CommercialXXXSPSAML 2.0, OAuth, WS-Trust, LDAP
PhoneFactor[53] PhoneFactor, Inc commercialIdP
PicketLink[54]JBoss CommunityOSS(pending)OpenID, A-Select, CAS, XACML
PingFederate[55]Ping IdentityCommercialXXWS-Federation, WS-Trust, OpenID, OAuth, Facebook, LinkedIn, Twitter, Windows Live
PortalGuard[56]PistolStar, Inc.CommercialIdP, SP, SSO, MiddlewareSAML 2, LDAP v3, XML-DSIG
RSA Federated Identity[57]RSACommercialXXXFacebook, OpenID, LinkedIn, Twitter, Windows Live
Safewhere*Identify[58]SafewhereCommercialIdP,SPSAML 2.0, WS-Federation, WS-Trust, OAuth 2.0, multi-factor, OpenID Connect, Facebook, LinkedIn, Twitter, LiveID, Google, LDAP
SailPoint IdentityNow[59]SailPointCommercialIdP, SPSAML 1.1, SAML 2.0, OAuth2, Kerberos, WS-Federation
Samanage[60]SamanageCommercialEnterprise-to-cloud SSO Middleware
SecureAuth[61]SecureAuth Corp.CommercialXXXXXXXIdP, SP 2-Factor, IBM LTPA, Facebook, Google, LinkedIn, Microsoft FBA, Microsoft IWA, OAUTH, OpenID, OpenID Connect, SAML 1.1, SAML 2.0, Twitter, WebServices, Windows Live, X.509v3, Yahoo
ShibbolethInternet2OSSIdP, SP, DiscoverySAML 1.1, SAML 2.0
SimpleSAMLphp[62]UNINETT ASOSSXXOpenID, A-Select, CAS, WS-Federation and OAuth,Facebook,LinkedIn,Twitter, Windows Live, SAML 2
SMS PASSCODE Multi-factor Authentication[63]SMS PASSCODECommercialIdP?
SSO EasyConnect[64]SSO EasyCommercialIdP, SP
Symlabs Federated Identity Suite[65]SymlabsCommercialXXXXXXECPOpenID, A-Select, CAS, WS-Federation and OAuth
Symplified[66]SymplifiedCommercialXXXXXXXIdP, SP, BrokerSAML 1.1, SAML 2.0, WS-Federation, OpenID, OAuth, XACML, IBM LTPA, Microsoft IWA, 2-Factor, Facebook, Google, Twitter, ABAC / context-based AC
Tivoli Federated Identity Manager[67]IBMCommercialXXXXXXXWS-Federation, OpenID, Liberty, InfoCard, Microsoft CardSpace
TrustBind[68]NTT Software CorpCommercialXXXXXECPOpenID, ID-WSF
TrustBuilder[69]SecurITCommercialIdP, SP, IdP-ProxySAML 2.0, OAuth 2.0, OpenID Connect, Kerberos
Trustelem Trustelem Commercial IdP SAML 2.0, OpenID Connect, WS-Fed, OAuth 2.0, Integrated Windows Authentication, Kerberos, Active Directory, LDAP, FIDO U2F.
USP Secure Entry Server®[70]United Security ProvidersCommercialSP, IdP, IdP-ProxySAML 2.0, SAML 1.0, Kerberos, NTLM, LDAP, RADIUS, RSA, SuisseID, RBAC, SSO, Tomcat Authenticator, IIS ISAPI Filter, mTAN, PKI/X.509, Reverse Proxy, Multi-Factor, SOAP/REST Connectors, WebService Security, Office365, GoogleApps
WeblogicOracleCommercialSP
WSO2[71]wso2OSSIdP, SPOAuth2, WS-Trust, OpenID
ZXID[72]zxidOSSIdP, SP, ECP, IdP-Proxy, Discovery

ID-WSF2, XACML2, WS-Security, XML-DSIG, TAS3

Smartsignin[73]PerfectCloudCommercialIdP, Sp, SSOSAML 2.0, SAML 1.0, Google, Microsoft365, LDAP, WS-Federation

Libraries and toolkits to develop SAML actors and SAML-enabled services

Libraries and toolkits are used by developers to integrate applications and services into SAML federations or to build their own SAML-actors like IdPs.

Libraries and Toolkits Organization Licence Purpose and Language bindings
Australian Access Federation[74]Australian Access FederationOSSMetadata Registry based on former work by SWITCH
ComponentSpace[75]ComponentSpaceCommercialSAML libraries for .NET and ASP.NET applications
Corto[76]WAYFOSSSAML2 proxy, virtual IdP, user consent
DjangoSAML2[77] GitHub OSS SAML2 application for Django, using PySAML2 underneath
EmpowerID IdP & SP Kit[78]Dot Net FactoryCommercialIdP and SP Kit, .NET, REST, and SOAP-based integration kit to SAML-enable applications
FEMMA[79]SourceforgeOSSWorkaround for the ADFS limitation of a single EntityID per XML infoset
Firefox ECP Plugin[80]OpenlibertyOSSFirefox extension for compliance with SAML ECP
FLOG F-Ticks Vizualization[81]SUNETOSSParse and chart F-Ticks for webSSO and Eduroam (sample site: http://flog.sunet.se/)
Jagger[82]HEAnetOSSMetadata and Federation data manager; Shibboleth IDP GUI
JAKOB[83]WAYFOSSBackchannel attribute collector
JANUS[84]WAYFOSSMetadata Registry for hub-and-spoke federations based on SimpleSAMLphp; includes self-service
Jitbit ASP.NET SAML lib[85]GitHubOSSSAML 2.0 component for ASP.NET
Lasso[86]EntrouvertOSSSAML-Library: C/C++, Python, Java, Perl, PHP
OIOSAML 2.0 Toolkit[87]Danish IT and Telekom AgencyOSSSP Framework: Java, .NET,[88] PHP (Documentation see OIOSAML.java)
OmniAuth-Shibboleth[89]OneLoginOSSSAML-Library: ASP/.NET, Java, PHP, Python, Ruby
OneLogin[90]OneLoginOSSSAML-Library: ASP/.NET, Java, PHP, Python, Ruby
OpenConext[91]SURFnetOSSService Provider Proxy and Hub-and-Spoke federation middleware, includes SAML proxy and central group management for creating collaboration platforms
OpenSAML[92]Internet2OSSSAML-Library: C++, Java
MET[93] TERENA OSSgathers and shows information about federations (mostly about SPs and IdPs)
Mujina[94] SURFnet OSSSAML test actors that can be dynamically configured using a REST interface
PAC4J-SAML[95]OSSSAML Service Provider Library (and other authentication mechanisms)
PEER[96]GÉANTOSSSAML Metadata Registry
PHPH[97]WAYF.dkOSSSAML Metadata Processor
Ping Identity[98]Ping IdentityCommercialJava, .NET, PHP and language neutral integration kits to SAML-enable applications
PySAML2[99]GitHubOSSSAML-Library: Python
Python-SAML OneLogin OSS SAML-Library: Python
Pysfemma[100]GithubOSSautomate membership configuration of an ADFS STS in a SAML2 based Identity Federation
PyFF[101]SUNETOSSSAML Metadata Processor
Raptor[102]JiscOSStoolkit to enable Shibboleth IdP statistics analysis
SAML Metadata Aggregator[103]NORDUnetOSSAggregates single metadata files and provides MDX webservice
SAML Tracer (Firefox addon)[104]UNINETT ASOSSFirefox Plug-In to trace SAML messages
SpringSecurity SAML[105]SpringSourceOSSSAML-enable applications based on Spring framework
Switch GMT[106]SWITCH-AAIOSSGroup Management Tool for Shibboleth
Ultimate SAML[107]ComponentProCommercialSAML 1.1 and 2.0 Libraries for .NET
ZXID[108]zxidOSSC, other lang using swig.org

SAML-related Services

This section lists public services such as identity and attribute providers, metadata and test services, but *not* SAML-enabled web-applications and cloud services.

Service Organization Purpose
9STAR[109]9STAR9STAR Managed Services for Shibboleth/SAML SSO On-Premises or Cloud
9STAR[110]9STAR9STAR Shibboleth/SAML SSO Support Services
Acrot A-OK[111]ArcotIdP (+ Fraud detection)
eduTEAMs[112]SURFnetFederation enabled Group management service which acts as an Attribute Authority for group relations
Federation Lab[113]GÉANTTest-SP, metadata registry, test tools
Feide OpenIdP[114]UNINETT ASIdP that allows any user to register, and any SP to connect
Gazelle IHE validator[115]GazelleSAML Assertion Validation
Gluu On-Prem Managed Service[116]GluuIdP for SAML and OpenID Connect-enabled cloud services
Identity Hub[117]EntrouvertFree IdP; Any user and any SP
OneLogin SSO[118]OneLoginIdP for SAML- and OpenID-enabled cloud services
REEP[119]GÉANTPublic metadata registry
PhoneFactor[120]PhoneFactor Inc.IdP/cloud SSO
PingOne[121]Ping IdentityCloud Access and Application Provider Services for IdPs and SPs
SecureAuth[122]SecureAuth Corp.IdP, IdM, Multi-Protocol STS (multiple claims based integrations including SAML 1.1, 2.0 SP SSO, 2.0 IdP SSO, OpenID, .NET, CA SiteMinder and others
SSOCircle[123]SSOCircleFree IdP
Testshib[124]Internet2IdP and SP for testing
UnitedID[125]United ID ServicesFree IDP service
Verizon Web Access Management[126]Verizon BusinessIdP
ZXID[127]zxid.orgFree IdP

References

  1. "Kantara Initiative 2011 Q1 SAML 2.0 Full-Matrix Interoperability Testing".
  2. "Liberty Alliance SAML interoperability tests".
  3. "10Duke Identity Provider".
  4. "adAS".
  5. "Asimba".
  6. "AssureBridge".
  7. "Authentic2".
  8. "Bitium Single Sign-on".
  9. "CA Federation Manager".
  10. "Citrix Open Cloud Access".
  11. "RadiantOne Cloud Federation Service".
  12. "Cloudseal SSO for Java".
  13. "Comfact IDP".
  14. "Connectis/FederateNow".
  15. "Dot Net Workflow cloud and corporate SSO and Federation".
  16. "DirX Access".
  17. "DualShield unified authentication platform".
  18. "9STAR's Elastic SSO Team".
  19. "9STAR's Elastic SSO Enterprise".
  20. "Entrust GetAccess".
  21. "Entrust IdentityGuard".
  22. "EIC".
  23. "EmpowerID".
  24. "Open Source Access Management".
  25. "Horizon App Manager".
  26. "HP IceWall SSO".
  27. "ILANTUS Xpress Sign-On".
  28. "Intel Cloud SSO".
  29. "Ilex".
  30. "Avoco Identity".
  31. "iWelcome".
  32. "JOSSO (Community Edition)".
  33. "JOSSO (Enterprise Edition)".
  34. "Juniper SSL VPN" (PDF).
  35. "Kanban Tool SSO".
  36. "Keycloak". JBoss Community.
  37. "Layer 7".
  38. "Larpe".
  39. "LemonLDAP::NG".
  40. "NetIQ Access Manager".
  41. "NetWeaver Appserver".
  42. "Mobilityguard OneGate". mobilityguard.com. Retrieved 2016-02-20.
  43. "OpenAM".
  44. "Cloud service platform".
  45. "OneLogin Single Sign On".
  46. "OpenAthens LA".
  47. "OpenAthens SP".
  48. "OpenASelect".
  49. "RCDevs".
  50. "Optimal IdM VIS Federation Services".
  51. "Oracle Identity Federation 11g".
  52. "Pega7".
  53. "PhoneFactor".
  54. "PicketLink".
  55. "PingFederate".
  56. "PortalGuard".
  57. "RSA Federated Identity Manager".
  58. "Safewhere*Identify".
  59. "SailPoint IdentityNow".
  60. "Samanage".
  61. "SecureAuth".
  62. "SimpleSAMLphp".
  63. "SMS PASSCODE".
  64. "SSO EasyConnect".
  65. Symlabs "Federated Identity Suite" Check |url= value (help).
  66. "Symplified".
  67. "Tivoli Federated Identity Manager".
  68. "TrustBind/Federation Manager".
  69. "TrustBuilder".
  70. "USP Secure Entry Server®".
  71. "WSO2".
  72. "ZXID".
  73. "Smartsignin Single Sign-on".
  74. "Federation Registry".
  75. "ComponentSpace".
  76. "cortoweb".
  77. "knaperek/djangosaml2". GitHub. Retrieved 2016-06-08.
  78. "EmpowerID Dot Net Workflow Idp & SP Kit".
  79. "Federation Metadata Manager for ADFS".
  80. "Firefox ECP Plugin".
  81. "FLOG".
  82. "JAGGER (ResourceRegistry3".
  83. "JAKOB Attribute Collector".
  84. "JANUS".
  85. "Jitbit SAML toolkil".
  86. "Lasso".
  87. "OIOSAML 2.0 Toolkit".
  88. "OIOSAM.net Service Provider Framework" (PDF).
  89. "Shibboleth Binding for OmniAuth 1.x".
  90. "SAML Toolkits from OneLogin".
  91. "OpenConext".
  92. "OpenSAML".
  93. "Metadata Explorer Tool".
  94. "Mujina Mock IdP and SP".
  95. "PAC4J Security Engine".
  96. "PEER".
  97. "PHPH".
  98. "PingFederate Integration Kits".
  99. "PySAML2".
  100. "Pysfemma".
  101. "PyFF".
  102. "Raptor".
  103. "SAML Metadata Aggregator".
  104. "SAML Tracer".
  105. "SpringSecurity SAML Site".
  106. "SWITCH Group Management Tool".
  107. "Ultimate SAML".
  108. "ZXID".
  109. "9STAR Shibboleth/SAML SSO Services".
  110. "9STAR Shibboleth/SAML SSO Support".
  111. "Arcot A-OK".
  112. "eduTEAMs".
  113. "Federation Lab".
  114. "Feide OpenIdP".
  115. "Gazelle IHE interop test framework".
  116. "Gluu On-Prem Managed Service".
  117. "Identity Hub".
  118. "OneLogin SSO".
  119. "RE:EP".
  120. "Phonefactor".
  121. "PingOne".
  122. "SecureAuth Corp.".
  123. "SSO Circle IDP".
  124. "Testshib.org".
  125. "United ID".
  126. "Verizon Web Access Management as a Service".
  127. "ZXIDP.org".
This article is issued from Wikipedia - version of the 12/2/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.