SAML-based products and services
SAML is a set of specifications that encompasses the XML format for security tokens containing assertions that pass information about a user, as well as the protocols and profiles used to implement authentication and authorization scenarios. This document provides an overview of products and services that implement SAML 2.0 key actors such as identity providers, or components that make services SAML-enabled.
Products that provide SAML actors
SAML actors include Identity Providers (IdP), Service Providers (SP), Discovery Services, Metadata services etc. This table shows the capability of products according to Kantara Initiative testing.[1][2] Claimed capabilities are listed in the "Other Features" columns. Each mark denotes that at least one interoperability test was passed. Detailed results with product and test procedure versions are available at the Kantara/Liberty site given below.
NOTE: This table is a roll-up snapshot of the most recent product test results across multiple testing rounds. Some product features and capabilities may have been updated since they were last tested. Check the originating product's website for the latest features and updates.
Product Name | Project/Vendor | License | Kantara-certified Interoperability | Other Features | |||||||
IdP | IdP Light | SP | SP Light | eGov 1.5 | Attr Auth Resp. | POST Bind. | Roles | Protocols | |||
---|---|---|---|---|---|---|---|---|---|---|---|
adAS[3] | PRiSE | OSS | X | X | X | X | X | X | X | IdP, SP, Federation | WS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Google, Microsoft365, Facebook, Kerberos, LDAP |
ADFS 2.0 | Microsoft | Commercial | X | X | X | WS-Federation, WS-Trust, SAML 2.0 | |||||
Asimba[4] | Asimba.org | OSS | IDP | (Fork of OpenASelect) | |||||||
AssureBridge SAMLConnect[5] | AssureBridge | Commercial | X | X | X | X | IdP, SP | SAML 1.1, SAML 2.0, OpenID, WS-Federation | |||
Authentic2[6] | Entrouvert | OSS | IdP, SP | OpenID 1&2, CAS 1&2, OAuth2, LDAP 2&3, PAM, RADIUS, OATH, Kerberos, X509 | |||||||
Bitium[7] | Bitium | Commercial | IdP, SP | SAML 2.0 | |||||||
CA Federation Manager[8] | CA | Commercial | X | X | X | WS-Federation | |||||
Centrify DirectControl | Centrify | Commercial | Broker | SAML, OpenID, OAuth, WS-*, LDAP, Kerberos | |||||||
Citrix Open Cloud[9] | Citrix | Commercial | SSO Middleware | ||||||||
Cloud Identity Manager | McAfee | Commercial | Broker | SAML 2, OpenID, OAuth, XACML, LDAP v3, JM | |||||||
Cloud Federation Service[10] | Radiant Logic | Commercial | IdP, SP | SAML 2.0, WS-Federation, OAuth 2.0, OpenID | |||||||
Cloudseal[11] | Cloudseal | SaaS | IdP, SP | ||||||||
Comfact IDP[12] | Comfact | Commercial | IdP | - | |||||||
Connectis[13] | Connectis | Commercial | IdP, SP | ||||||||
Corto https://sites.google.com/site/cortopages/ | Corto project home | GÉANT | OSS | Broker | ||||||||
Dot Net Workflow[14] | The Dot Net Factory | Commercial | X | X | IdP, SP | WS-*, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN) | |||||
DirX Access[15] | Atos/Siemens | Commercial | X | X | X | ||||||
DualShield[16] | Deepnet Security | Commercial | X | X | X | X | IdP | SAML 2.0 | |||
Elastic SSO Team[17] | 9STAR | Commercial | X | X | X | X | IdP | SAML 2.0, SAML 1.1 | |||
Elastic SSO Enterprise[18] | 9STAR | Commercial | X | X | X | X | IdP | SAML 2.0, SAML 1.1 | |||
ESOE | Queensland University of Technology | OSS | IdP, SP | ||||||||
Entrust GetAccess[19] | Entrust | Commercial | X | X | X | X | X | X | |||
Entrust IdentityGuard[20] | Entrust | Commercial | X | X | X | X | X | X | |||
EIC[21] | Ericsson | Commercial | X | ||||||||
EmpowerID[22] | The Dot Net Factory | Commercial | IdP, SP | WS-*, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN) | |||||||
BIG-IP Access Policy Manager | F5 Networks | Commercial | IDP, SP, Broker | SAML 2.0 | |||||||
Fugen Cloud ID Broker | Fugen Solutions | Commercial | Broker | SAML 1.1, SAML 2.0, WS-Federation, WS-Trust, OpenID, and OAuth | |||||||
Gluu Server[23] | Gluu | OSS | X | X | SAML OpenID Connect IDP, UMA PDP | OpenID Connect, UMA, RADIUS, LDAP | |||||
Horizon App Manager[24] | VMware | Commercial | X | X | X | X | X | ||||
HP IceWall SSO[25] | HP | Commercial | SP | SAML 2 | |||||||
ILANTUS Sign On Express[26] | Ilantus | Commercial | IdP, SP | SAML 2 | |||||||
Intel Cloud SSO[27] | Intel | Commercial | IdP, SP | SAML 2, OpenID, OAuth | |||||||
Ilex Sign&go[28] | ILEX | Commercial | X | X | X | X | X | X | X | IdP, SP, Federation | WS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Shibboleth, CAS, Google, Microsoft365, Facebook, Kerberos, LDAP |
iSAML[29] | Avoco | Commercial | IdP | SAML 2, WS-Trust, OpenID | |||||||
iWelcome[30] | iWelcome | Commercial | X | X | X | X | X | X | X | IdP | SAML 2, SAML 1.0, WS-Trust, Kerberos, OAuth2, Facebook, Google, includes provisioning from-to on-Prem, AD, Multi-factor, extended integration functionalities |
JOSSO (Community Ed.)[31] | josso.org | OSS | X | IdP,SP | SAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1 | ||||||
JOSSO (Enterprise Ed.)[32] | Atricore | Commercial | X | IdP,SP | SAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1 | ||||||
Juniper SSL VPN[33] | Juniper Networks | Commercial | IDP, SP | ||||||||
Layer 7[34] | SecureSpan Gateway | Commercial | X | X | PDP/PEP | OAuth2, SAML 1.1, SAML2, ABAC, OpenID Connect, XML Firewall | |||||
Larpe[35] | Entrouvert | OSS | X | X | SAML Reverse Proxy | OpenID, CAS, OAuth | |||||
LemonLDAP[36] | LemonLDAP | OSS | IDP, SP | WS-Federation, CAS, OpenID, Twitter, Protocol proxy | |||||||
NetIQ Access Manager[37] | NetIQ (formerly Novell) | Commercial | X | X | X | X | X | X | X | IdP, SP | WS-Security, WS-Federation, WS-Trust, SAML 1.1 / 2.0, Liberty, Single Sign-on, RBAC, CardSpace, OAuth, OpenID, STS. Includes integration with cloud and social media providers (Office 365, Windows Live (MSN), Google, Facebook, etc.) |
NetWeaver Appserver[38] | SAP | Commercial | (pending) | CAS, OpenID, Twitter | |||||||
OpenAM[39] | ForgeRock (ex. Sun) | OSS | X | X | X | X | X | X | X | ECP, IdP Proxy | OpenID Connect, OAuth2, SAML 2.0, SAML 1.1, WS-Federation, WS-Trust, XACML, Liberty, Kerberos, Facebook, Google, Windows Live (MSN) |
Okta[40] | Okta | Commercial | IdP, SP | ||||||||
OneLogin[41] | OneLogin | Commercial | IdP, SP | SAML, WS-Federation, Kerberos, OAuth, OpenID | |||||||
OpenAthens LA[42] | eduserv | Commercial | IdP | ||||||||
OpenAthens SP[43] | eduserv | Commercial | SP | ||||||||
Open Select[44] | OpenASelect.org | OSS | IDP | OAuth (project continues as asimba) | |||||||
OpenOTP/TiQR SAML IdP[45] | RCDevs | Free | X | X | IdP | SAML 2.0, OpenID 1.1/2.0, RADIUS, LDAP | |||||
Optimal IdM VIS Federation Services[46] | Optimal IdM | Commercial | X | X | X | IdP, SP, Broker, SSO | WS-Federation, WS-Trust, SAML 1.x, SAML 2.0, OpenID 2.0, Kerberos, LDAP, Office 365, RADIUS, OAUTH, multi-factor | ||||
Oracle Identity Federation 11g[47] | Oracle | Commercial | X | X | X | IdP, SP | WS-Federation, SAML 1.x, SAML 2.0, OpenID 2.0 | ||||
PhoneFactor[48] | PhoneFactor, Inc | Commercial | IDP | ||||||||
PicketLink[49] | JBoss Community | OSS | (pending) | OpenID, A-Select, CAS, XACML | |||||||
Keycloak | Services | Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, Open ID Connect, JSON Web Token (JWT) and SAML 2.0 specifications[50] | |||||||||
PingFederate[51] | Ping Identity | Commercial | X | X | WS-Federation, WS-Trust, OpenID, OAuth, Facebook, LinkedIn, Twitter, Windows Live | ||||||
PortalGuard[52] | PistolStar, Inc. | Commercial | IdP, SP, SSO, Middleware | SAML 2, LDAP v3, XML-DSIG | |||||||
RSA Federated Identity[53] | RSA | Commercial | X | X | X | Facebook, OpenID, LinkedIn, Twitter, Windows Live | |||||
Safewhere*Identify[54] | Safewhere | Commercial | IdP,SP | SAML 2.0, WS-Federation, WS-Trust, OAuth 2.0, multi-factor, OpenID Connect, Facebook, LinkedIn, Twitter, LiveID, Google, LDAP | |||||||
Samanage[55] | Samanage | Commercial | Enterprise-to-cloud SSO Middleware | ||||||||
SecureAuth[56] | SecureAuth Corp. | Commercial | X | X | X | X | X | X | X | IdP, SP | 2-Factor, IBM LTPA, Facebook, Google, LinkedIn, Microsoft FBA, Microsoft IWA, OAUTH, OpenID, OpenID Connect, SAML 1.1, SAML 2.0, Twitter, WebServices, Windows Live, X.509v3, Yahoo |
Shibboleth | Internet2 | OSS | IdP, SP, Discovery | SAML 1.1, SAML 2.0 | |||||||
SimpleSAMLphp[57] | UNINETT AS | OSS | X | X | OpenID, A-Select, CAS, WS-Federation and OAuth, Facebook, LinkedIn, Twitter, Windows Live | ||||||
SMS PASSCODE Multi-factor Authentication[58] | SMS PASSCODE | Commercial | IdP? | ||||||||
SSO EasyConnect[59] | SSO Easy | Commercial | IdP, SP | ||||||||
Symlabs Federated Identity Suite[60] | Symlabs | Commercial | X | X | X | X | X | X | ECP | OpenID, A-Select, CAS, WS-Federation and OAuth | |
Symplified[61] | Symplified | Commercial | X | X | X | X | X | X | X | IdP, SP, Broker | SAML 1.1, SAML 2.0, WS-Federation, OpenID, OAuth, XACML, IBM LTPA, Microsoft IWA, 2-Factor, Facebook, Google, Twitter, ABAC / context-based AC |
Tivoli Federated Identity Manager[62] | IBM | Commercial | X | X | X | X | X | X | X | WS-Federation, OpenID, Liberty, InfoCard, Microsoft CardSpace | |
TrustBind[63] | NTT Software Corp | Commercial | X | X | X | X | X | ECP | OpenID, ID-WSF | ||
TrustBuilder[64] | SecurIT | Commercial | IdP, SP, IdP-Proxy | SAML 2.0, OAuth 2.0, OpenID Connect, Kerberos | |||||||
Ubisecure[65] | Ubisecure SSO | Ubisecure Solutions | Commercial | X | X | X | X | X | ECP, Discovery | SAML 2.0, ETSI MSS 102 204, TUPAS, WS-Federation, OpenID | ||
USP Secure Entry Server®[66] | United Security Providers | Commercial | SP, IdP, IdP-Proxy | SAML 2.0, SAML 1.0, Kerberos, NTLM, LDAP, RADIUS, RSA, SuisseID, RBAC, SSO, Tomcat Authenticator, IIS ISAPI Filter, mTAN, PKI/X.509, Reverse Proxy, Multi-Factor, SOAP/REST Connectors, WebService Security, Office365, GoogleApps | |||||||
Weblogic | Oracle | Commercial | SP | ||||||||
WSO2[67] | wso2 | OSS | IdP, SP | OAuth2, WS-Trust, OpenID | |||||||
ZXID[68] | zxid | OSS | IdP, SP, ECP, IdP-Proxy, Discovery | ID-WSF2, XACML2, WS-Security, XML-DSIG, TAS3 |
Libraries and toolkits to develop SAML actors and SAML-enabled services
Libraries and toolkits are used by developers to integrate applications and services into SAML federations or to build their own SAML-actors like IdPs.
Libraries and Toolkits | Organization | Licence | Purpose and Language bindings |
---|---|---|---|
Australian Access Federation[69] | Australian Access Federation | OSS | Metadata Registry based on former work by SWITCH |
ComponentSpace[70] | ComponentSpace | Commercial | SAML libraries for .NET and ASP.NET applications |
Corto[71] | WAYF | OSS | SAML2 proxy, virtual IdP, user consent |
EmpowerID IdP & SP Kit[72] | Dot Net Factory | Commercial | IdP and SP Kit, .NET, REST, and SOAP-based integration kit to SAML-enable applications |
FEMMA[73] | Sourceforge | OSS | Workaround for the ADFS limitation of a single EntityID per XML infoset |
Firefox ECP Plugin[74] | Openliberty | OSS | Firefox extension for compliance with SAML ECP |
FLOG F-Ticks Vizualization[75] | SUNET | OSS | Parse and chart F-Ticks for webSSO and Eduroam (sample site: http://flog.sunet.se/) |
JAKOB[76] | WAYF | OSS | Backchannel attribute collector |
JANUS[77] | WAYF | OSS | Metadata Registry for hub-and-spoke federations based on SimpleSAMLphp; includes self-service |
Lasso[78] | Entrouvert | OSS | SAML-Library: C/C++, Python, Java, Perl, PHP |
OIOSAML 2.0 Toolkit[79] | Danish IT and Telekom Agency | OSS | SP Framework: Java, .NET,[80] PHP (Documentation see OIOSAML.java) |
OmniAuth-Shibboleth[81] | OneLogin | OSS | SAML-Library: ASP/.NET, Java, PHP, Python, Ruby |
OneLogin[82] | OneLogin | OSS | SAML-Library: ASP/.NET, Java, PHP, Python, Ruby |
OpenConext[83] | SURFnet | OSS | Federation-enabled Collaboration SW |
OpenSAML[84] | Internet2 | OSS | SAML-Library: C++, Java |
MET[85] | TERENA | OSS | Gathers and shows information about federations (mostly about SPs and IdPs) |
Mujina[86] | SURFnet | OSS | SAML test actors that can be dynamically configured using a REST interface |
Ping Identity[87] | Ping Identity | Commercial | Java, .NET, PHP and language neutral integration kits to SAML-enable applications |
PySAML2[88] | LaunchPad | OSS | SAML-Library: Python |
Pysfemma[89] | Github | OSS | Automates membership configuration of an ADFS STS in a SAML2-based Identity Federation |
PyFF[90] | sunet.se | OSS | SAML Metadata Processor |
Raptor[91] | Jisc | OSS | Toolkit to enable Shibboleth IdP statistics analysis |
SAML Metadata Aggregator[92] | NORDUnet | OSS | Aggregates single metadata files and provides MDX webservice |
SAML Tracer (Firefox addon)[93] | UNINETT AS | OSS | Firefox Plug-In to trace SAML messages |
SpringSecurity SAML[94] | SpringSource | OSS | SAML-enable applications based on Spring framework |
Switch GMT[95] | SWITCH-AAI | OSS | Group Management Tool for Shibboleth |
Ultimate SAML[96] | ComponentPro | Commercial | SAML 1.1 and 2.0 Libraries for .NET |
ZXID[97] | zxid | OSS | C; other languages using swig.org |
SAML-related Services
This section lists public services such as identity and attribute providers, metadata and test services, but *not* SAML-enabled web-applications and cloud services.
Service | Organization | Purpose |
---|---|---|
9STAR[98] | 9STAR | 9STAR Managed Services for Shibboleth/SAML SSO On-Premises or Cloud |
9STAR[99] | 9STAR | 9STAR Shibboleth/SAML SSO Support Services |
Arcot A-OK[100] | Arcot | IdP (+ Fraud detection) |
Federation Lab[101] | GÉANT | Test-SP, metadata registry, test tools |
Feide OpenIdP[102] | UNINETT AS | IdP that allows any user to register, and any SP to connect |
Gazelle IHE validator[103] | Gazelle | SAML Assertion Validation |
Gluu On-Prem Managed Service[104] | Gluu | IdP for SAML and OpenID Connect-enabled cloud services |
Identity Hub[105] | Entrouvert | Free IdP; Any user and any SP |
OneLogin SSO[106] | OneLogin | IdP for SAML- and OpenID-enabled cloud services |
PEER[107] | Internet2 | Public metadata registry |
PhoneFactor[108] | PhoneFactor Inc. | IdP/cloud SSO |
PingOne[109] | Ping Identity | Cloud Access and Application Provider Services for IdPs and SPs |
SecureAuth[110] | SecureAuth Corp. | IdP, IdM, Multi-Protocol STS (multiple claims-based integrations including SAML 1.1, 2.0 SP SSO, 2.0 IdP SSO, OpenID, .NET, CA SiteMinder and others) |
SSOCircle[111] | SSOCircle | Free IdP |
Testshib[112] | Internet2 | IdP and SP for testing |
UnitedID[113] | United ID Services | Free IDP service |
Verizon Web Access Management[114] | Verizon Business | IdP |
ZXID[115] | zxid.org | Free IdP |
References
- "Kantara Initiative 2011 Q1 SAML 2.0 Full-Matrix Interoperability Testing".
- "Liberty Alliance SAML interoperability tests".
- "adAS".
- "Asimba".
- "AssureBridge".
- "Authentic2".
- "Bitium Single Sign-on".
- "CA Federation Manager".
- "Citrix Open Cloud Access".
- "RadiantOne Cloud Federation Service".
- "Cloudseal SSO for Java".
- "Comfact IDP".
- "Connectis/FederateNow".
- "Dot Net Workflow cloud and corporate SSO and Federation".
- "DirX Access".
- "DualShield unified authentication platform".
- "9STAR's Elastic SSO Team".
- "9STAR's Elastic SSO Enterprise".
- "Entrust GetAccess".
- "Entrust IdentityGuard".
- "EIC".
- "EmpowerID".
- "Open Source Access Management".
- "Horizon App Manager".
- "HP IceWall SSO".
- "ILANTUS Sign On Express".
- "Intel Cloud SSO".
- "Ilex".
- "Avoco Identity".
- "iWelcome".
- "JOSSO (Community Edition)".
- "JOSSO (Enterprise Edition)".
- "Juniper SSL VPN".
- "Layer 7".
- "Larpe".
- "LemonLDAP::NG".
- "NetIQ Access Manager".
- "NetWeaver Appserver".
- "OpenAM".
- "Cloud service platform".
- "OneLogin Single Sign On".
- "OpenAthens LA".
- "OpenAthens SP".
- "OpenASelect".
- "RCDevs".
- "Optimal IdM VIS Federation Services".
- "Oracle Identity Federation 11g".
- "PhoneFactor".
- "PicketLink".
- "Keycloak". JBoss Community.
- "PingFederate".
- "PortalGuard".
- "RSA Federated Identity Manager".
- "Safewhere*Identify".
- "Samanage".
- "SecureAuth".
- "SimpleSAMLphp".
- "SMS PASSCODE".
- "SSO EasyConnect".
- Symlabs "Federated Identity Suite".
- "Symplified".
- "Tivoli Federated Identity Manager".
- "TrustBind/Federation Manager".
- "TrustBuilder".
- "Ubisecure SSO".
- "USP Secure Entry Server®".
- "WSO2".
- "ZXID".
- "Federation Registry".
- "ComponentSpace".
- "cortoweb".
- "EmpowerID Dot Net Workflow Idp & SP Kit".
- "Federation Metadata Manager for ADFS".
- "Firefox ECP Plugin".
- "FLOG".
- "JAKOB Attribute Collector".
- "JANUS".
- "Lasso".
- "OIOSAML 2.0 Toolkit".
- "OIOSAM.net Service Provider Framework".
- "Shibboleth Binding for OmniAuth 1.x".
- "SAML Toolkits from OneLogin".
- "OpenConext".
- "OpenSAML".
- "Metadata Explorer Tool".
- "Mujina Mock IdP and SP".
- "PingFederate Integration Kits".
- "PySAML2".
- "Pysfemma".
- "PyFF".
- "Raptor".
- "SAML Metadata Aggregator".
- "SAML Tracer".
- "SpringSecurity SAML Site".
- "SWITCH Group Management Tool".
- "Ultimate SAML".
- "ZXID".
- "9STAR Shibboleth/SAML SSO Services".
- "9STAR Shibboleth/SAML SSO Support".
- "Arcot A-OK".
- "Federation Lab".
- "Feide OpenIdP".
- "Gazelle IHE interop test framework".
- "Gluu On-Prem Managed Service".
- "Identity Hub".
- "OneLogin SSO".
- "PEER".
- "Phonefactor".
- "PingOne".
- "SecureAuth Corp.".
- "SSO Circle IDP".
- "Testshib.org".
- "United ID".
- "Verizon Web Access Management as a Service".
- "ZXIDP.org".