SAML-based products and services

SAML is a set of specifications that encompasses the XML-format for security tokens containing assertions to pass information about a user and protocols and profiles to implement authentication and authorization scenarios. This document provides an overview about products and services that implement SAML 2.0 key actors like Identity providers or components to enable services to be SAML-enabled.

Products that provide SAML actors

SAML actors are Identity Providers (IdP), Service Providers (SP), Discovery Services, Metadata services etc. This table shows the capability of products according to Kantara Initiative testing.[1][2] Claimed capabilities are in column "other". Each mark denotes that at least one interoperability test was passed. Detailed results with product and test procedure versions are available at the Kantara/Liberty site given below.

NOTE: This table represents a snapshot over time roll up of the most recent product test results (multiple testing rounds). Please note that some products features and abilities may have been updated since they were last tested. Please check the website information of the originating product for the latest features and updates.

Product Name Project/Vendor License Kantara-certified Interoperability Other Features
IdP IdP Light SP SP Light eGov 1.5 Attr Auth Resp. POST Bind. Roles Protocols
adAS[3] PRiSEOSSXXXXXXXIdP, SP, FederationWS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Google, Microsoft365, Facebook, Kerberos, LDAP
ADFS 2.0MicrosoftCommercialXXXWS-Federation, WS-Trust, SAML 2.0
Asimba[4]Asimba.orgOSSIDP(Fork of OpenASelect)
AssureBridge SAMLConnect[5]AssureBridgeCommercialXXXXIdP, SPSAML 1.1, SAML 2.0, OpenID, WS-Federation,
Authentic2[6]EntrouvertOSSIdP, SPOpenID 1&2, CAS 1&2, OAuth2, LDAP 2&3, PAM, RADIUS, OATH, Kerberos, X509
Bitium[7]BitiumCommercialIdP, SPSAML 2.0
CA Federation Manager[8]CACommercialXXXWS-Federation
Centrify DirectControlCentrifyCommercialBroker SAML, OpenID, OAuth, WS-*, LDAP, Kerberos
Citrix Open Cloud[9]CitrixCommercialSSO Middleware
Cloud Identity ManagerMcAfeeCommercialBroker SAML 2, OpenID, OAuth, XACML, LDAP v3, JM
Cloud Federation Service[10]Radiant LogicCommercialIdP, SPSAML 2.0, WS-Federation, OAuth 2.0, OpenID
Cloudseal[11]CloudsealSaaSIdP, SP
Comfact IDP[12]ComfactCommercialIdP-
Connectis[13]ConnectisCommercialIdP, SP
Corto https://sites.google.com/site/cortopages/ | Corto project homeGÉANTOSSBroker
Dot Net Workflow[14]The Dot Net FactoryCommercialXXIdP,SP WS*-, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN)
DirX Access[15]Atos/SiemensCommercialXXX
DualShield[16]Deepnet SecurityCommercialXXXXIdPSAML 2.0
Elastic SSO Team[17]9STARCommercialXXXXIdPSAML 2.0 SAML 1.1
Elastic SSO Enterprise[18]9STARCommercialXXXXIdPSAML 2.0 SAML 1.1
ESOEQueensland University of TechnologyOSSIdp, Sp
Entrust GetAccess[19]EntrustCommercialXXXXXX
Entrust IdentityGuard[20]EntrustCommercialXXXXXX
EIC[21]EricssonCommercialX
EmpowerID[22]The Dot Net FactoryCommercialIdP,SP WS*-, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN)
BIG-IP Access Policy ManagerF5 Networks CommercialIDP, SP, BrokerSAML 2.0
Fugen Cloud ID BrokerFugen Solutions CommercialBrokerSAML 1.1, SAML 2.0, WS-Federation, WS-Trust, OpenID, and OAuth
Gluu Server[23]GluuOSSXXSAML OpenID Connect IDP, UMA PDPOpenID Connect, UMA, RADIUS, LDAP
Horizon App Manager[24]VMwareCommercialXXXXX
HP IceWall SSO[25]HPCommercialSP SAML 2
ILANTUS Sign On Express[26]IlantusCommercialIdP, SP SAML 2
Intel Cloud SSO[27]IntelCommercialIdP, SP SAML 2, OpenID, OAuth
Ilex Sign&go[28] ILEXCommercialXXXXXXXIdP, SP, FederationWS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Shibboleth, CAS, Google, Microsoft365, Facebook, Kerberos, LDAP
iSAML[29]AvocoCommercialIdP SAML 2, WS-Trust, OpenID
iWelcome[30]iWelcomeCommerciaXXXXXXXIdP SAML 2, SAML 1.0, WS-Trust, Kerberos, OAuth2, facebook, google, includes provisioning from-to on-Prem, AD, Multi-factor, extended integration functionalities
JOSSO (Community Ed.)[31]josso.orgOSSXIdP,SPSAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1
JOSSO (Enterprise Ed.)[32]AtricoreCommercialXIdP,SPSAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1
Juniper SSL VPN[33]Juniper NetworksCommercialIDP, SP
Layer 7[34]SecureSpan GatewayCommercialXXPDP/PEPOAuth2, SAML 1.1, SAML2, ABAC, OpenID Connect, XML Firewall
Larpe[35]EntrouvertOSSXXSAML Reverse ProxyOpenID, CAS, OAuth
LemonLDAP[36]LemonLDAPOSSIDP, SPWS-Federation, CAS, OpenID, Twitter, Protocol proxy
NetIQ Access Manager[37]NetIQ (formerly Novell)CommercialXXXXXXXIdP, SPWS-Security, WS-Federation, WS-Trust, SAML 1.1 / 2.0, Liberty, Single Sign-on, RBAC, CardSpace, OAuth, OpenID, STS. Includes integration with cloud and social media providers (Office 365, Windows Live (MSN), Google, Facebook, etc.)
NetWeaver Appserver[38]SAPCommercial(pending)CAS, OpenId, Twitter
OpenAM[39]ForgeRock (ex. Sun)OSSXXXXXXXECP, IdP ProxyOpenID Connect, OAuth2, SAML 2.0, SAML 1.1, WS-Federation, WS-Trust, XACML, Liberty, Kerberos, Facebook, Google, Windows Live (MSN)
Okta[40]OktaCommercialIdP, SP
OneLogin[41]OneLoginCommercialIdP, SPSAML, WS-Federation, Kerberos, OAuth, OpenID
OpenAthens LA[42]eduservCommercialIdP
OpenAthens SP[43]eduservCommercialSP
Open Select[44]OpenASelect.orgOSSIDPOAuth (project continues as asimba)
OpenOTP/TiQR SAML IdP[45]RCDevsFreeXXIdPSAML 2.0, OpenID 1.1/2.0, RADIUS, LDAP
Optimal IdM VIS Federation Services[46]Optimal IdMCommercialXXXIdP, SP, Broker, SSOWS-Federation, WS-Trust, SAML 1.x, SAML 2.0, OpenID 2.0, Kerberos, LDAP, Office 365, RADIUS, OAUTH, multi-factor
Oracle Identity Federation 11g[47]OracleCommercialXXXIdP, SPWS-Federation, SAML 1.x, SAML 2.0, OpenID 2.0
PhoneFactor[48] PhoneFactor, Inc commercialIDP
PicketLink[49]JBoss CommunityOSS(pending)OpenID, A-Select, CAS, XACML
Keycloak Services Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, Open ID Connect, JSON Web Token (JWT) and SAML 2.0 specifications[50]
PingFederate[51]Ping IdentityCommercialXXWS-Federation, WS-Trust, OpenID, OAuth, Facebook, LinkedIn, Twitter, Windows Live
PortalGuard[52]PistolStar, Inc.CommercialIdP, SP, SSO, MiddlewareSAML 2, LDAP v3, XML-DSIG
RSA Federated Identity[53]RSACommercialXXXFacebook, OpenID, LinkedIn, Twitter, Windows Live
Safewhere*Identify[54]SafewhereCommercialIdP,SPSAML 2.0, WS-Federation, WS-Trust, OAuth 2.0, multi-factor, OpenID Connect, Facebook, LinkedIn, Twitter, LiveID, Google, LDAP
Samanage[55]SamanageCommercialEnterprise-to-cloud SSO Middleware
SecureAuth[56]SecureAuth Corp.CommercialXXXXXXXIdP, SP 2-Factor, IBM LTPA, Facebook, Google, LinkedIn, Microsoft FBA, Microsoft IWA, OAUTH, OpenID, OpenID Connect, SAML 1.1, SAML 2.0, Twitter, WebServices, Windows Live, X.509v3, Yahoo
ShibbolethInternet2OSSIdP, SP, DiscoverySAML 1.1, SAML 2.0
SimpleSAMLphp[57]UNINETT ASOSSXXOpenID, A-Select, CAS, WS-Federation and OAuth,Facebook,LinkedIn,Twitter, Windows Live
SMS PASSCODE Multi-factor Authentication[58]SMS PASSCODECommercialIdP?
SSO EasyConnect[59]SSO EasyCommercialIdP, SP
Symlabs Federated Identity Suite[60]SymlabsCommercialXXXXXXECPOpenID, A-Select, CAS, WS-Federation and OAuth
Symplified[61]SymplifiedCommercialXXXXXXXIdP, SP, BrokerSAML 1.1, SAML 2.0, WS-Federation, OpenID, OAuth, XACML, IBM LTPA, Microsoft IWA, 2-Factor, Facebook, Google, Twitter, ABAC / context-based AC
Tivoli Federated Identity Manager[62]IBMCommercialXXXXXXXWS-Federation, OpenID, Liberty, InfoCard, Microsoft CardSpace
TrustBind[63]NTT Software CorpCommercialXXXXXECPOpenID, ID-WSF
TrustBuilder[64]SecurITCommercialIdP, SP, IdP-ProxySAML 2.0, OAuth 2.0, OpenID Connect, Kerberos
Ubisecure[65] | Ubisecure SSO Ubisecure Solutions CommercialXXXXXECP, DiscoverySAML 2.0, ETSI MSS 102 204, TUPAS, WS-Federation, OpenID
USP Secure Entry Server®[66]United Security ProvidersCommercialSP, IdP, IdP-ProxySAML 2.0, SAML 1.0, Kerberos, NTLM, LDAP, RADIUS, RSA, SuisseID, RBAC, SSO, Tomcat Authenticator, IIS ISAPI Filter, mTAN, PKI/X.509, Reverse Proxy, Multi-Factor, SOAP/REST Connectors, WebService Security, Office365, GoogleApps
WeblogicOracleCommercialSP
WSO2[67]wso2OSSIdP, SPOAuth2, WS-Trust, OpenID
ZXID[68]zxidOSSIdP, SP, ECP, IdP-Proxy, Discovery

ID-WSF2, XACML2, WS-Security, XML-DSIG, TAS3

Libraries and toolkits to develop SAML actors and SAML-enabled services

Libraries and toolkits are used by developers to integrate applications and services into SAML federations or to build their own SAML-actors like IdPs.

Libraries and Toolkits Organization Licence Purpose and Language bindings
Australian Access Federation[69]Australian Access FederationOSSMetadata Registry based on former work by SWITCH
ComponentSpace[70]ComponentSpaceCommercialSAML libraries for .NET and ASP.NET applications
Corto[71]WAYFOSSSAML2 proxy, virtual IdP, user consent
EmpowerID IdP & SP Kit[72]Dot Net FactoryCommercialIdP and SP Kit, .NET, REST, and SOAP-based integration kit to SAML-enable applications
FEMMA[73]SourceforgeOSSWorkaround for the ADFS limitation of a single EntityID per XML infoset
Firefox ECP Plugin[74]OpenlibertyOSSFirefox extension for compliance with SAML ECP
FLOG F-Ticks Vizualization[75]SUNETOSSParse and chart F-Ticks for webSSO and Eduroam (sample site: http://flog.sunet.se/)
JAKOB[76]WAYFOSSBackchannel attribute collector
JANUS[77]WAYFOSSMetadata Registry for hub-and-spoke federations based on SimpleSAMLphp; includes self-service
Lasso[78]EntrouvertOSSSAML-Library: C/C++, Python, Java, Perl, PHP
OIOSAML 2.0 Toolkit[79]Danish IT and Telekom AgencyOSSSP Framework: Java, .NET,[80] PHP (Documentation see OIOSAML.java)
OmniAuth-Shibboleth[81]OneLoginOSSSAML-Library: ASP/.NET, Java, PHP, Python, Ruby
OneLogin[82]OneLoginOSSSAML-Library: ASP/.NET, Java, PHP, Python, Ruby
OpenConext[83]SURFnetOSSFederation-enabled Collaboration SW
OpenSAML[84]Internet2OSSSAML-Library: C++, Java
MET[85] TERENA OSSgathers and shows information about federations (mostly about SPs and IdPs)
Mujina[86] SURFnet OSSSAML test actors that can be dynamically configured using a REST interface
Ping Identity[87]Ping IdentityCommercialJava, .NET, PHP and language neutral integration kits to SAML-enable applications
PySAML2[88]LaunchPadOSSSAML-Library: Python
Pysfemma[89]GithubOSSautomate membership configuration of an ADFS STS in a SAML2 based Identity Federation
PyFF[90]sunet.seOSSSAML Metadata Processor
Raptor[91]JiscOSStoolkit to enable Shibboleth IdP statistics analysis
SAML Metadata Aggregator[92]NORDUnetOSSAggregates single metadata files and provides MDX webservice
SAML Tracer (Firefox addon)[93]UNINETT ASOSSFirefox Plug-In to trace SAML messages
SpringSecurity SAML[94]SpringSourceOSSSAML-enable applications based on Spring framework
Switch GMT[95]SWITCH-AAIOSSGroup Management Tool for Shibboleth
Ultimate SAML[96]ComponentProCommercialSAML 1.1 and 2.0 Libraries for .NET
ZXID[97]zxidOSSC, other lang using swig.org

SAML-related Services

This section lists public services such as identity and attribute providers, metadata and test services, but *not* SAML-enabled web-applications and cloud services.

Service Organization Purpose
9STAR[98]9STAR9STAR Managed Services for Shibboleth/SAML SSO On-Premises or Cloud
9STAR[99]9STAR9STAR Shibboleth/SAML SSO Support Services
Acrot A-OK[100]ArcotIdP (+ Fraud detection)
Federation Lab[101]GÉANTTest-SP, metadata registry, test tools
Feide OpenIdP[102]UNINETT ASIdP that allows any user to register, and any SP to connect
Gazelle IHE validator[103]GazelleSAML Assertion Validation
Gluu On-Prem Managed Service[104]GluuIdP for SAML and OpenID Connect-enabled cloud services
Identity Hub[105]EntrouvertFree IdP; Any user and any SP
OneLogin SSO[106]OneLoginIdP for SAML- and OpenID-enabled cloud services
PEER[107]Internet2Public metadata registry
PhoneFactor[108]PhoneFactor Inc.IdP/cloud SSO
PingOne[109]Ping IdentityCloud Access and Application Provider Services for IdPs and SPs
SecureAuth[110]SecureAuth Corp.IdP, IdM, Multi-Protocol STS (multiple claims based integrations including SAML 1.1, 2.0 SP SSO, 2.0 IdP SSO, OpenID, .NET, CA SiteMinder and others
SSOCircle[111]SSOCircleFree IdP
Testshib[112]Internet2IdP and SP for testing
UnitedID[113]United ID ServicesFree IDP service
Verizon Web Access Management[114]Verizon BusinessIdP
ZXID[115]zxid.orgFree IdP

References

  1. "Kantara Initiative 2011 Q1 SAML 2.0 Full-Matrix Interoperability Testing".
  2. "Liberty Alliance SAML interoperability tests".
  3. "adAS".
  4. "Asimba".
  5. "AssureBridge".
  6. "Authentic2".
  7. "Bitium Single Sign-on".
  8. "CA Federation Manager".
  9. "Citrix Open Cloud Access".
  10. "RadiantOne Cloud Federation Service".
  11. "Cloudseal SSO for Java".
  12. "Comfact IDP".
  13. "Connectis/FederateNow".
  14. "Dot Net Workflow cloud and corporate SSO and Federation".
  15. "DirX Access".
  16. "DualShield unified authentication platform".
  17. "9STAR's Elastic SSO Team".
  18. "9STAR's Elastic SSO Enterprise".
  19. "Entrust GetAccess".
  20. "Entrust IdentityGuard".
  21. "EIC".
  22. "EmpowerID".
  23. "Open Source Access Management".
  24. "Horizon App Manager".
  25. "HP IceWall SSO".
  26. "ILANTUS Sign On Express".
  27. "Intel Cloud SSO".
  28. "Ilex".
  29. "Avoco Identity".
  30. "iWelcome".
  31. "JOSSO (Community Edition)".
  32. "JOSSO (Enterprise Edition)".
  33. "Juniper SSL VPN".
  34. "Layer 7".
  35. "Larpe".
  36. "LemonLDAP::NG".
  37. "NetIQ Access Manager".
  38. "NetWeaver Appserver".
  39. "OpenAM".
  40. "Cloud service platform".
  41. "OneLogin Single Sign On".
  42. "OpenAthens LA".
  43. "OpenAthens SP".
  44. "OpenASelect".
  45. "RCDevs".
  46. "Optimal IdM VIS Federation Services".
  47. "Oracle Identity Federation 11g".
  48. "PhoneFactor".
  49. "PicketLink".
  50. "Keycloak". JBoss Community.
  51. "PingFederate".
  52. "PortalGuard".
  53. "RSA Federated Identity Manager".
  54. "Safewhere*Identify".
  55. "Samanage".
  56. "SecureAuth".
  57. "SimpleSAMLphp".
  58. "SMS PASSCODE".
  59. "SSO EasyConnect".
  60. Symlabs "Federated Identity Suite".
  61. "Symplified".
  62. "Tivoli Federated Identity Manager".
  63. "TrustBind/Federation Manager".
  64. "TrustBuilder".
  65. "Ubisecure SSO".
  66. "USP Secure Entry Server®".
  67. "WSO2".
  68. "ZXID".
  69. "Federation Registry".
  70. "ComponentSpace".
  71. "cortoweb".
  72. "EmpowerID Dot Net Workflow Idp & SP Kit".
  73. "Federation Metadata Manager for ADFS".
  74. "Firefox ECP Plugin".
  75. "FLOG".
  76. "JAKOB Attribute Collector".
  77. "JANUS".
  78. "Lasso".
  79. "OIOSAML 2.0 Toolkit".
  80. "OIOSAM.net Service Provider Framework".
  81. "Shibboleth Binding for OmniAuth 1.x".
  82. "SAML Toolkits from OneLogin".
  83. "OpenConext".
  84. "OpenSAML".
  85. "Metadata Explorer Tool".
  86. "Mujina Mock IdP and SP".
  87. "PingFederate Integration Kits".
  88. "PySAML2".
  89. "Pysfemma".
  90. "PyFF".
  91. "Raptor".
  92. "SAML Metadata Aggregator".
  93. "SAML Tracer".
  94. "SpringSecurity SAML Site".
  95. "SWITCH Group Management Tool".
  96. "Ultimate SAML".
  97. "ZXID".
  98. "9STAR Shibboleth/SAML SSO Services".
  99. "9STAR Shibboleth/SAML SSO Support".
  100. "Arcot A-OK".
  101. "Federation Lab".
  102. "Feide OpenIdP".
  103. "Gazelle IHE interop test framework".
  104. "Gluu On-Prem Managed Service".
  105. "Identity Hub".
  106. "OneLogin SSO".
  107. "PEER".
  108. "Phonefactor".
  109. "PingOne".
  110. "SecureAuth Corp.".
  111. "SSO Circle IDP".
  112. "Testshib.org".
  113. "United ID".
  114. "Verizon Web Access Management as a Service".
  115. "ZXIDP.org".