
SAML-based products and services: Difference between revisions

From Wikipedia, the free encyclopedia
Content deleted Content added
Line 34: Line 34:
| Authentic2<ref>{{Cite web| url= https://dev.entrouvert.org/ | title=Authentic2}}</ref>||Entrouvert||OSS||||||||||||||||IdP, SP||OpenID 1&2, CAS 1&2, OAuth2, LDAP 2&3, PAM, RADIUS, OATH, Kerberos, X509
| Authentic2<ref>{{Cite web| url= https://dev.entrouvert.org/ | title=Authentic2}}</ref>||Entrouvert||OSS||||||||||||||||IdP, SP||OpenID 1&2, CAS 1&2, OAuth2, LDAP 2&3, PAM, RADIUS, OATH, Kerberos, X509
|-
|-
| Bitium<ref>{{Cite web | url=www.bitium.com/site/product/single-sign-on/ | title=Bitium Single Sign-on}}</ref>||Bitium||Commercial||||||||||||||||IdP, SP|||SAML 2.0
| Bitium<ref>{{Cite web | url=http://www.bitium.com/site/product/single-sign-on/ | title=Bitium Single Sign-on}}</ref>||Bitium||Commercial||||||||||||||||IdP, SP|||SAML 2.0
|-
|-
| CA Federation Manager<ref>{{Cite web | url=http://www.ca.com/us/products/detail/CA-Federation-Manager.aspx | title=CA Federation Manager}}</ref>||[[Computer Associates|CA]]||Commercial||||X||||X||X||||||||WS-Federation
| CA Federation Manager<ref>{{Cite web | url=http://www.ca.com/us/products/detail/CA-Federation-Manager.aspx | title=CA Federation Manager}}</ref>||[[Computer Associates|CA]]||Commercial||||X||||X||X||||||||WS-Federation
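Review bot: On the changed Bitium row the final separator is still `|||SAML 2.0` (three pipes), where the Authentic2 row above uses `||` before its last cell; since this edit already touches the line, trim it to `||SAML 2.0` so the row matches its neighbours. The added `http://` prefix fixes the scheme-less `www.bitium.com/...` value in `url=`; it is worth checking whether the site also answers on https before settling on plain http for the citation.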

Revision as of 17:40, 12 February 2015

SAML is a set of specifications covering an XML format for security tokens, whose assertions carry information about a user, together with the protocols and profiles used to implement authentication and authorization scenarios. This document gives an overview of products and services that implement key SAML 2.0 actors, such as identity providers, or that provide components for SAML-enabling services.

Products that provide SAML actors

SAML actors are Identity Providers (IdP), Service Providers (SP), Discovery Services, Metadata services etc. This table shows the capability of products according to Kantara Initiative testing.[1][2] Claimed capabilities are in column "other". Each mark denotes that at least one interoperability test was passed. Detailed results with product and test procedure versions are available at the Kantara/Liberty site given below.

NOTE: This table is a point-in-time roll-up of the most recent product test results across multiple testing rounds. Some products' features and capabilities may have been updated since they were last tested; check the originating product's website for the latest features and updates.

Product Name Project/Vendor License Kantara-certified Interoperability Other Features
IdP IdP Light SP SP Light eGov 1.5 Attr Auth Resp. POST Bind. Roles Protocols
adAS[3] PRiSE OSS X X X X X X X IdP, SP, Federation WS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Google, Microsoft365, Facebook, Kerberos, LDAP
ADFS 2.0 Microsoft Commercial X X X WS-Federation, WS-Trust, SAML 2.0
Asimba[4] Asimba.org OSS IDP (Fork of OpenASelect)
AssureBridge SAMLConnect[5] AssureBridge Commercial X X X X IdP, SP SAML 1.1, SAML 2.0, OpenID, WS-Federation,
Authentic2[6] Entrouvert OSS IdP, SP OpenID 1&2, CAS 1&2, OAuth2, LDAP 2&3, PAM, RADIUS, OATH, Kerberos, X509
Bitium[7] Bitium Commercial IdP, SP SAML 2.0
CA Federation Manager[8] CA Commercial X X X WS-Federation
Centrify DirectControl Centrify Commercial Broker SAML, OpenID, OAuth, WS-*, LDAP, Kerberos
Citrix Open Cloud[9] Citrix Commercial SSO Middleware
Cloud Identity Manager McAfee Commercial Broker SAML 2, OpenID, OAuth, XACML, LDAP v3, JM
Cloud Federation Service[10] Radiant Logic Commercial IdP, SP SAML 2.0, WS-Federation, OAuth 2.0, OpenID
Cloudseal[11] Cloudseal SaaS IdP, SP
Comfact IDP[12] Comfact Commercial IdP -
Connectis[13] Connectis Commercial IdP, SP
Corto project home GÉANT OSS Broker
Dot Net Workflow[14] The Dot Net Factory Commercial X X IdP,SP WS*-, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN)
DirX Access[15] Atos/Siemens Commercial X X X
DualShield[16] Deepnet Security Commercial X X X X IdP SAML 2.0
Elastic SSO Team[17] 9STAR Commercial X X X X IdP SAML 2.0 SAML 1.1
Elastic SSO Enterprise[18] 9STAR Commercial X X X X IdP SAML 2.0 SAML 1.1
ESOE Queensland University of Technology OSS Idp, Sp
Entrust GetAccess[19] Entrust Commercial X X X X X X
Entrust IdentityGuard[20] Entrust Commercial X X X X X X
EIC[21] Ericsson Commercial X
EmpowerID[22] The Dot Net Factory Commercial IdP,SP WS*-, WS-Federation, WS-Trust, OpenID, OAuth 2.0, Facebook, LinkedIn, Twitter, Yahoo, Windows Live (MSN)
BIG-IP Access Policy Manager F5 Networks Commercial IDP, SP, Broker SAML 2.0
Fugen Cloud ID Broker Fugen Solutions Commercial Broker SAML 1.1, SAML 2.0, WS-Federation, WS-Trust, OpenID, and OAuth
Gluu Server[23] Gluu OSS X X SAML OpenID Connect IDP, UMA PDP OpenID Connect, UMA, RADIUS, LDAP
Horizon App Manager[24] VMware Commercial X X X X X
HP IceWall SSO[25] HP Commercial SP SAML 2
ILANTUS Sign On Express[26] Ilantus Commercial IdP, SP SAML 2
Intel Cloud SSO[27] Intel Commercial IdP, SP SAML 2, OpenID, OAuth
Ilex Sign&go[28] ILEX Commercial X X X X X X X IdP, SP, Federation WS-Federation, WS-Trust, SAML 2.0, SAML 1.0, Shibboleth, CAS, Google, Microsoft365, Facebook, Kerberos, LDAP
iSAML[29] Avoco Commercial IdP SAML 2, WS-Trust, OpenID
iWelcome[30] iWelcome Commercial X X X X X X X IdP SAML 2, SAML 1.0, WS-Trust, Kerberos, OAuth2, facebook, google, includes provisioning from-to on-Prem, AD, Multi-factor, extended integration functionalities
JOSSO (Community Ed.)[31] josso.org OSS X IdP,SP SAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1
JOSSO (Enterprise Ed.)[32] Atricore Commercial X IdP,SP SAML2, OAuth2, WS-Trust, SPMLV2, Kerberos, JOSSO1
Juniper SSL VPN[33] Juniper Networks Commercial IDP, SP
Layer 7[34] SecureSpan Gateway Commercial X X PDP/PEP OAuth2, SAML 1.1, SAML2, ABAC, OpenID Connect, XML Firewall
Larpe[35] Entrouvert OSS X X SAML Reverse Proxy OpenID, CAS, OAuth
LemonLDAP[36] LemonLDAP OSS IDP, SP WS-Federation, CAS, OpenID, Twitter, Protocol proxy
NetIQ Access Manager[37] NetIQ (formerly Novell) Commercial X X X X X X X IdP, SP WS-Security, WS-Federation, WS-Trust, SAML 1.1 / 2.0, Liberty, Single Sign-on, RBAC, CardSpace, OAuth, OpenID, STS. Includes integration with cloud and social media providers (Office 365, Windows Live (MSN), Google, Facebook, etc.)
NetWeaver Appserver[38] SAP Commercial (pending) CAS, OpenId, Twitter
OpenAM[39] ForgeRock (ex. Sun) OSS X X X X X X X ECP, IdP Proxy OpenID Connect, OAuth2, SAML 2.0, SAML 1.1, WS-Federation, WS-Trust, XACML, Liberty, Kerberos, Facebook, Google, Windows Live (MSN)
Okta[40] Okta Commercial IdP, SP
OneLogin[41] OneLogin Commercial IdP, SP SAML, WS-Federation, Kerberos, OAuth, OpenID
OpenAthens LA[42] eduserv Commercial IdP
OpenAthens SP[43] eduserv Commercial SP
Open Select[44] OpenASelect.org OSS IDP OAuth (project continues as asimba)
OpenOTP/TiQR SAML IdP[45] RCDevs Free X X IdP SAML 2.0, OpenID 1.1/2.0, RADIUS, LDAP
Optimal IdM VIS Federation Services[46] Optimal IdM Commercial X X X IdP, SP, Broker, SSO WS-Federation, WS-Trust, SAML 1.x, SAML 2.0, OpenID 2.0, Kerberos, LDAP, Office 365, RADIUS, OAUTH, multi-factor
Oracle Identity Federation 11g[47] Oracle Commercial X X X IdP, SP WS-Federation, SAML 1.x, SAML 2.0, OpenID 2.0
PhoneFactor[48] PhoneFactor, Inc commercial IDP
PicketLink[49] JBoss Community OSS (pending) OpenID, A-Select, CAS, XACML
Keycloak Services Integrated SSO and IDM for browser apps and RESTful web services. Built on top of the OAuth 2.0, Open ID Connect, JSON Web Token (JWT) and SAML 2.0 specifications[50]
PingFederate[51] Ping Identity Commercial X X WS-Federation, WS-Trust, OpenID, OAuth, Facebook, LinkedIn, Twitter, Windows Live
PortalGuard[52] PistolStar, Inc. Commercial IdP, SP, SSO, Middleware SAML 2, LDAP v3, XML-DSIG
RSA Federated Identity[53] RSA Commercial X X X Facebook, OpenID, LinkedIn, Twitter, Windows Live
Safewhere*Identify[54] Safewhere Commercial IdP,SP SAML 2.0, WS-Federation, WS-Trust, OAuth 2.0, multi-factor, OpenID Connect, Facebook, LinkedIn, Twitter, LiveID, Google, LDAP
Samanage[55] Samanage Commercial Enterprise-to-cloud SSO Middleware
SecureAuth[56] SecureAuth Corp. Commercial X X X X X X X IdP, SP 2-Factor, IBM LTPA, Facebook, Google, LinkedIn, Microsoft FBA, Microsoft IWA, OAUTH, OpenID, OpenID Connect, SAML 1.1, SAML 2.0, Twitter, WebServices, Windows Live, X.509v3, Yahoo
Shibboleth Internet2 OSS IdP, SP, Discovery SAML 1.1, SAML 2.0
SimpleSAMLphp[57] UNINETT AS OSS X X OpenID, A-Select, CAS, WS-Federation and OAuth,Facebook,LinkedIn,Twitter, Windows Live
SMS PASSCODE Multi-factor Authentication[58] SMS PASSCODE Commercial IdP?
SSO EasyConnect[59] SSO Easy Commercial IdP, SP
Symlabs Federated Identity Suite[60] Symlabs Commercial X X X X X X ECP OpenID, A-Select, CAS, WS-Federation and OAuth
Symplified[61] Symplified Commercial X X X X X X X IdP, SP, Broker SAML 1.1, SAML 2.0, WS-Federation, OpenID, OAuth, XACML, IBM LTPA, Microsoft IWA, 2-Factor, Facebook, Google, Twitter, ABAC / context-based AC
Tivoli Federated Identity Manager[62] IBM Commercial X X X X X X X WS-Federation, OpenID, Liberty, InfoCard, Microsoft CardSpace
TrustBind[63] NTT Software Corp Commercial X X X X X ECP OpenID, ID-WSF
TrustBuilder[64] SecurIT Commercial IdP, SP, IdP-Proxy SAML 2.0, OAuth 2.0, OpenID Connect, Kerberos
Ubisecure SSO Ubisecure Solutions Commercial X X X X X ECP, Discovery SAML 2.0, ETSI MSS 102 204, TUPAS, WS-Federation, OpenID
Weblogic Oracle Commercial SP
WSO2[66] wso2 OSS IdP, SP OAuth2, WS-Trust, OpenID
ZXID[67] zxid OSS IdP, SP, ECP, IdP-Proxy, Discovery ID-WSF2, XACML2, WS-Security, XML-DSIG, TAS3

Libraries and toolkits to develop SAML actors and SAML-enabled services

Libraries and toolkits are used by developers to integrate applications and services into SAML federations or to build their own SAML-actors like IdPs.

| Libraries and Toolkits | Organization | Licence | Purpose and Language bindings |
|---|---|---|---|
| Australian Access Federation[68] | Australian Access Federation | OSS | Metadata Registry based on former work by SWITCH |
| ComponentSpace[69] | ComponentSpace | Commercial | SAML libraries for .NET and ASP.NET applications |
| Corto[70] | WAYF | OSS | SAML2 proxy, virtual IdP, user consent |
| EmpowerID IdP & SP Kit[71] | Dot Net Factory | Commercial | IdP and SP Kit, .NET, REST, and SOAP-based integration kit to SAML-enable applications |
| FEMMA[72] | Sourceforge | OSS | Workaround for the ADFS limitation of a single EntityID per XML infoset |
| Firefox ECP Plugin[73] | Openliberty | OSS | Firefox extension for compliance with SAML ECP |
| FLOG F-Ticks Vizualization[74] | SUNET | OSS | Parse and chart F-Ticks for webSSO and Eduroam (sample site: http://flog.sunet.se/) |
| JAKOB[75] | WAYF | OSS | Backchannel attribute collector |
| JANUS[76] | WAYF | OSS | Metadata Registry for hub-and-spoke federations based on SimpleSAMLphp; includes self-service |
| Lasso[77] | Entrouvert | OSS | SAML-Library: C/C++, Python, Java, Perl, PHP |
| OIOSAML 2.0 Toolkit[78] | Danish IT and Telekom Agency | OSS | SP Framework: Java, .NET,[79] PHP (Documentation see OIOSAML.java) |
| OmniAuth-Shibboleth[80] | OneLogin | OSS | SAML-Library: ASP/.NET, Java, PHP, Python, Ruby |
| OneLogin[81] | OneLogin | OSS | SAML-Library: ASP/.NET, Java, PHP, Python, Ruby |
| OpenConext[82] | SURFnet | OSS | Federation-enabled Collaboration SW |
| OpenSAML[83] | Internet2 | OSS | SAML-Library: C++, Java |
| MET[84] | TERENA | OSS | gathers and shows information about federations (mostly about SPs and IdPs) |
| Mujina[85] | SURFnet | OSS | SAML test actors that can be dynamically configured using a REST interface |
| Ping Identity[86] | Ping Identity | Commercial | Java, .NET, PHP and language neutral integration kits to SAML-enable applications |
| PySAML2[87] | LaunchPad | OSS | SAML-Library: Python |
| Pysfemma[88] | Github | OSS | automate membership configuration of an ADFS STS in a SAML2 based Identity Federation |
| PyFF[89] | sunet.se | OSS | SAML Metadata Processor |
| Raptor[90] | Jisc | OSS | toolkit to enable Shibboleth IdP statistics analysis |
| SAML Metadata Aggregator[91] | NORDUnet | OSS | Aggregates single metadata files and provides MDX webservice |
| SAML Tracer (Firefox addon)[92] | UNINETT AS | OSS | Firefox Plug-In to trace SAML messages |
| SpringSecurity SAML[93] | SpringSource | OSS | SAML-enable applications based on Spring framework |
| Switch GMT[94] | SWITCH-AAI | OSS | Group Management Tool for Shibboleth |
| Ultimate SAML[95] | ComponentPro | Commercial | SAML 1.1 and 2.0 Libraries for .NET |
| ZXID[96] | zxid | OSS | C, other lang using swig.org |

This section lists public services such as identity and attribute providers, metadata and test services, but *not* SAML-enabled web-applications and cloud services.

Service Organization Purpose
9STAR[97] 9STAR 9STAR Managed Services for Shibboleth/SAML SSO On-Premises or Cloud
9STAR[98] 9STAR 9STAR Shibboleth/SAML SSO Support Services
Arcot A-OK[99] Arcot IdP (+ Fraud detection)
Federation Lab[100] GÉANT Test-SP, metadata registry, test tools
Feide OpenIdP[101] UNINETT AS IdP that allows any user to register, and any SP to connect
Gazelle IHE validator[102] Gazelle SAML Assertion Validation
Gluu On-Prem Managed Service[103] Gluu IdP for SAML and OpenID Connect-enabled cloud services
Identity Hub[104] Entrouvert Free IdP; Any user and any SP
OneLogin SSO[105] OneLogin IdP for SAML- and OpenID-enabled cloud services
PEER[106] Internet2 Public metadata registry
PhoneFactor[107] PhoneFactor Inc. IdP/cloud SSO
PingOne[108] Ping Identity Cloud Access and Application Provider Services for IdPs and SPs
SecureAuth[109] SecureAuth Corp. IdP, IdM, Multi-Protocol STS (multiple claims based integrations including SAML 1.1, 2.0 SP SSO, 2.0 IdP SSO, OpenID, .NET, CA SiteMinder and others)
SSOCircle[110] SSOCircle Free IdP
Testshib[111] Internet2 IdP and SP for testing
UnitedID[112] United ID Services Free IDP service
Verizon Web Access Management[113] Verizon Business IdP
ZXID[114] zxid.org Free IdP

References

  1. ^ "Kantara Initiative 2011 Q1 SAML 2.0 Full-Matrix Interoperability Testing".
  2. ^ "Liberty Alliance SAML interoperability tests".
  3. ^ "adAS".
  4. ^ "Asimba".
  5. ^ "AssureBridge".
  6. ^ "Authentic2".
  7. ^ "Bitium Single Sign-on".
  8. ^ "CA Federation Manager".
  9. ^ "Citrix Open Cloud Access".
  10. ^ "RadiantOne Cloud Federation Service".
  11. ^ "Cloudseal SSO for Java".
  12. ^ "Comfact IDP".
  13. ^ "Connectis/FederateNow".
  14. ^ "Dot Net Workflow cloud and corporate SSO and Federation".
  15. ^ "DirX Access".
  16. ^ "DualShield unified authentication platform".
  17. ^ "9STAR's Elastic SSO Team".
  18. ^ "9STAR's Elastic SSO Enterprise".
  19. ^ "Entrust GetAccess".
  20. ^ "Entrust IdentityGuard".
  21. ^ "EIC".
  22. ^ "EmpowerID".
  23. ^ "Open Source Access Management".
  24. ^ "Horizon App Manager".
  25. ^ "HP IceWall SSO".
  26. ^ "ILANTUS Sign On Express".
  27. ^ "Intel Cloud SSO".
  28. ^ "Ilex".
  29. ^ "Avoco Identity".
  30. ^ "iWelcome".
  31. ^ "JOSSO (Community Edition)".
  32. ^ "JOSSO (Enterprise Edition)".
  33. ^ "Juniper SSL VPN" (PDF).
  34. ^ "Layer 7".
  35. ^ "Larpe".
  36. ^ "LemonLDAP::NG".
  37. ^ "NetIQ Access Manager".
  38. ^ "NetWeaver Appserver".
  39. ^ "OpenAM".
  40. ^ "Cloud service platform".
  41. ^ "OneLogin Single Sign On".
  42. ^ "OpenAthens LA".
  43. ^ "OpenAthens SP".
  44. ^ "OpenASelect".
  45. ^ "RCDevs".
  46. ^ "Optimal IdM VIS Federation Services".
  47. ^ "Oracle Identity Federation 11g".
  48. ^ "PhoneFactor".
  49. ^ "PicketLink".
  50. ^ "Keycloak". JBoss Community.
  51. ^ "PingFederate".
  52. ^ "PortalGuard".
  53. ^ "RSA Federated Identity Manager".
  54. ^ "Safewhere*Identify".
  55. ^ "Samanage".
  56. ^ "SecureAuth".
  57. ^ "SimpleSAMLphp".
  58. ^ "SMS PASSCODE".
  59. ^ "SSO EasyConnect".
  60. ^ Symlabs "Federated Identity Suite".
  61. ^ "Symplified".
  62. ^ "Tivoli Federated Identity Manager".
  63. ^ "TrustBind/Federation Manager".
  64. ^ "TrustBuilder".
  65. ^ "Ubisecure SSO".
  66. ^ "WSO2".
  67. ^ "ZXID".
  68. ^ "Federation Registry".
  69. ^ "ComponentSpace".
  70. ^ "cortoweb".
  71. ^ "EmpowerID Dot Net Workflow Idp & SP Kit".
  72. ^ "Federation Metadata Manager for ADFS".
  73. ^ "Firefox ECP Plugin".
  74. ^ "FLOG".
  75. ^ "JAKOB Attribute Collector".
  76. ^ "JANUS".
  77. ^ "Lasso".
  78. ^ "OIOSAML 2.0 Toolkit".
  79. ^ "OIOSAM.net Service Provider Framework" (PDF).
  80. ^ "Shibboleth Binding for OmniAuth 1.x".
  81. ^ "SAML Toolkits from OneLogin".
  82. ^ "OpenConext".
  83. ^ "OpenSAML".
  84. ^ "Metadata Explorer Tool".
  85. ^ "Mujina Mock IdP and SP".
  86. ^ "PingFederate Integration Kits".
  87. ^ "PySAML2".
  88. ^ "Pysfemma".
  89. ^ "PyFF".
  90. ^ "Raptor".
  91. ^ "SAML Metadata Aggregator".
  92. ^ "SAML Tracer".
  93. ^ "SpringSecurity SAML Documentation" (PDF).
  94. ^ "SWITCH Group Management Tool".
  95. ^ "Ultimate SAML".
  96. ^ "ZXID".
  97. ^ "9STAR Shibboleth/SAML SSO Services".
  98. ^ "9STAR Shibboleth/SAML SSO Support".
  99. ^ "Arcot A-OK".
  100. ^ "Federation Lab".
  101. ^ "Feide OpenIdP".
  102. ^ "Gazelle IHE interop test framework".
  103. ^ "Gluu On-Prem Managed Service".
  104. ^ "Identity Hub".
  105. ^ "OneLogin SSO".
  106. ^ "PEER".
  107. ^ "Phonefactor".
  108. ^ "PingOne".
  109. ^ "SecureAuth Corp".
  110. ^ "SSO Circle IDP".
  111. ^ "Testshib.org".
  112. ^ "United ID".
  113. ^ "Verizon Web Access Management as a Service".
  114. ^ "ZXIDP.org".