OpenSAML book released!

After many late nights and tedious editing, I have finished my book on OpenSAML, based on my experiences working with the OpenSAML library. A Guide to OpenSAML is a short book that introduces SAML, the SAML Web Browser Profile and the use of OpenSAML.




The book has three parts. The first introduces SAML, the SAML Web Browser Profile and OpenSAML. The second explains the Web Browser Profile in more detail and shows how to implement it using OpenSAML. The last part explains how to use some of the security functions in OpenSAML, such as signatures and encryption.

The SAML Web Browser Profile is flexible and can be used in many different ways. The book shows the SAML Web Browser Profile with the following configurations:


  • SP initiated Single Sign-On
  • Authentication request using HTTP Redirect Binding
  • Assertion transported using HTTP Artifact Binding
  • SAML Artifact transported using HTTP Redirect Binding
  • Artifact resolution using SOAP Binding


The book explains the interaction from the Service Provider’s point of view. The implementation of the Identity Provider is not covered in this book.

The package contains the book in PDF format, three different e-reader formats (EPUB, MOBI, AZW3) and a sample project showing OpenSAML in action.

35 comments:

  1. How will I get the download link after paying with PayPal?

    I have already paid and didn't get any download link.

  2. How do I get the invoice of my purchase?

    Replies
    1. If you send me your email to stefan.rasmusson.as@gmail.com, we'll fix that.

  3. I purchased your book, but I am struggling to generate the metadata, and that doesn't seem to be covered in the book. I am struggling with the key generation: can you use the same jks used to sign the authnrequests, etc., or is this separate? I saw your post about metadata generation, but it looks like you are generating the key on the fly. Any pointers on how to generate, and can I securely use the same keystore used to sign requests? If so, how do I generate the metadata keys from the keystore? Thanks!

    Replies
    1. In the post I am not generating the key on the fly; I'm generating the KeyInfo element that is going to contain the key. As you see on line 12, keyInfoGenerator.generate takes an X509Credential. You can read this credential from a keystore of your choice. For more information on getting credentials from a key store, see http://blog.samlsecurity.com/2011/03/getting-credentials-in-opensaml.html.

      Good luck!

    2. This comment has been removed by the author.

  4. Hello,

    I wanted to purchase a copy of your book, but I see a "This product is not currently for sale" on the Gumroad site.

    Replies
    1. Due to some bookkeeping technicalities, the book is closed for purchase until 1st of January.

    3. Thanks, will check back on the book in the new year. Happy holidays!

    4. Hi the book is now available for purchase

    5. Cheers, I just got my copy now :)

      OpenSAML is a prime example of how important it is to document your lib projects, unless you want to make them inaccessible :) We maintain a Java SDK for OAuth/OpenID Connect and wanted to add support for SAML 2.0 assertion grants. There seems to be a newer OpenSAML 3.x version, but its documentation is even poorer, so we went along with 2.x. Do you have any comments about 3.x and whether it's worth upgrading to it?

    6. I fully agree. I have not read up on what the latest version has brought to the table, but I'm sad to hear that the documentation is still bad.

  5. Seems like the book is still not available. May I know when we can purchase this?

  6. Sorry, life got in the way. The book is now available for purchase

  7. Thanks Stefan. Can see it now.

  8. Hi Stefan, I've been working on a SAML implementation for ~6 weeks now. I bought your book and looked over your example app. Both have been extremely helpful!!! Thank you! But something that is not in the book and I think should be is Logout. Can you point me to some good examples/documentation for logout?

  9. Hi Stefan Rasmusson: I purchased the book, then downloaded the code. One question is how SAMLart's encoded value got generated as AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D

    In code singleSignOnServlet.java line 28, SAMLart value is hard coded.

    resp.sendRedirect(SPConstants.ASSERTION_CONSUMER_SERVICE + "?SAMLart=AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D");

    But at page 29 of sstc-saml-binding-errata-2.0-wd-06.pd 3.6.3.3 Form Encoding and 3.6.4 Artifact Format, the artifact format is specified. Can you explain in the book what the inputs are for generating the SAMLart value AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D?

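The artifact quoted in comment 9, decoded and rebuilt as an added example (not part of the original comment, the book or its sample project): per section 3.6.4 of the SAML 2.0 Bindings specification, a type 0x0004 artifact is the Base64 encoding of a 2-byte type code, a 2-byte endpoint index, a 20-byte SourceID (the SHA-1 hash of the issuer's entityID) and a 20-byte random MessageHandle. The class name and the example.org entityID are assumptions made for illustration, and the code assumes Java 10 or later.

```java
import java.math.BigInteger;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SamlArtifactType4 {   // hypothetical class name, not an OpenSAML type
    final int typeCode, endpointIndex;
    final byte[] sourceId = new byte[20], messageHandle = new byte[20];
    // Parses the SAMLart query parameter as it appears in the URL (percent-encoded Base64).
    SamlArtifactType4(String samlArt) {
        byte[] raw = Base64.getDecoder().decode(URLDecoder.decode(samlArt, StandardCharsets.UTF_8));
        if (raw.length != 44) throw new IllegalArgumentException("expected 44 bytes, got " + raw.length);
        ByteBuffer buf = ByteBuffer.wrap(raw);      // big-endian, as the format requires
        typeCode = buf.getShort() & 0xFFFF;         // bytes 0-1
        endpointIndex = buf.getShort() & 0xFFFF;    // bytes 2-3: which resolution endpoint to use
        if (typeCode != 0x0004) throw new IllegalArgumentException("not a type 0x0004 artifact");
        buf.get(sourceId);                          // bytes 4-23: SHA-1 of the issuer's entityID
        buf.get(messageHandle);                     // bytes 24-43: random reference to the message
    }

    static byte[] sourceIdFor(String entityId) throws Exception {
        return MessageDigest.getInstance("SHA-1").digest(entityId.getBytes(StandardCharsets.UTF_8));
    }

    // The receiver maps the SourceID to a known issuer before calling artifact resolution.
    boolean issuedBy(String entityId) throws Exception {
        return MessageDigest.isEqual(sourceId, sourceIdFor(entityId));
    }

    // Issuer side: the inputs are the entityID, the endpoint index and 20 fresh random bytes.
    static String build(String entityId, int endpointIndex) throws Exception {
        byte[] handle = new byte[20];
        new SecureRandom().nextBytes(handle);
        ByteBuffer buf = ByteBuffer.allocate(44).putShort((short) 0x0004)
                .putShort((short) endpointIndex).put(sourceIdFor(entityId)).put(handle);
        return URLEncoder.encode(Base64.getEncoder().encodeToString(buf.array()), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        var a = new SamlArtifactType4("AAQAAMFbLinlXaCM%2BFIxiDwGOLAy2T71gbpO7ZhNzAgEANlB90ECfpNEVLg%3D");
        System.out.printf("0x%04X %d %040x%n", a.typeCode, a.endpointIndex, new BigInteger(1, a.sourceId));
        String idp = "https://idp.example.org/metadata";   // constructed entityID, illustration only
        System.out.println(new SamlArtifactType4(build(idp, 0)).issuedBy(idp));
    }
}
```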
  10. Hi Stephan, I just bought your book and it is helping me a lot, thanks for that.

    I have some doubts about the encryption phase. I am coding a servlet that makes a SAML request to an OIF IdP. I could make it work over plain text with signing.

    However, I am not having luck encrypting both request and response. I am trying to understand your encryption code (page 41); does it belong to an SP or an IdP?

    Thanks again!

    Replies
    1. The examples in the book are for encrypting the assertion at the IDP side, but I don't think it should be much different using it on the SP side. Is the encryption failing, or does the OIF have a problem decrypting?

  11. Is there a way to order the book from Canada? The payment fails verification since I don't have a valid ZIP code to enter!

    Replies
    1. Hi, I think you can change the country somewhere. If you continue having problems, please contact Gumroad support at support@gumroad.com

  12. Is there a way to order the book from India? The payment fails verification since I don't have a valid ZIP code to enter, and India is also not provided in the dropdown.

    Replies
    1. Please contact Gumroad support at support@gumroad.com. I'm sure they can help you.

  13. Hi Stefan,
    I want to create a SOAP service which will have authentication via ADP. Is this part covered in the book? Also, which programming language are the examples in?

    Replies
    1. Is this a web service? This is not specifically covered in the book. The book does however cover general use of OpenSAML. If you are going to build a web service with OpenSAML, I still think you would have use for the book. The examples are in Java.

    2. Thanks for the reply :), Yes it is a web service. Specifically SOAP web service. Would be great if you can point to any article you wrote about web service with IDP.

    3. I have not read anything specific on this, so I think Google is your best shot.

  14. This comment has been removed by the author.

    Replies
    1. You should be able to click the PayPal icon up on the right corner to pay with PayPal. Have you tried that?

  15. Hi Stefan, I have a SAML 2 application. I would like to buy the book and upgrade it to SAML 3, but why? What are all the benefits of upgrading, or the issues with SAML 2? Thank you

    Replies
    1. The main reason you should consider is that OpenSAML 2 reached its end of life in July last year and will not receive any security updates from then on. The development team recommends that everyone migrate to V3 as soon as possible.
