On this page I have tried to create the ultimate pitstop for people trying to learn and use the OpenSAML library.
I'll start out with an introduction to OpenSAML and move on to some resources that might be of help. I will also introduce my blog posts on this subject and my book, A Guide to OpenSAML.
What is OpenSAML?
OpenSAML is a library to facilitate working with SAML messages. Below are some of the functions that OpenSAML provides:
- Creating SAML messages
- Parsing and exporting SAML objects as XML
- Signing and encryption
- Encoding and message transport
Internet2 provides and supports the library. The Shibboleth products, produced by Internet2, are one example of identity solutions that use the OpenSAML library.
The OpenSAML library is available in Java and C++; however, not all functions are provided in both versions. OpenSAML is licensed under Apache 2.0, and the latest version of OpenSAML supports SAML 2.0, 1.1 and 1.0.
My blog posts
When I work with OpenSAML I try to spend some time blogging about the different situations and problems I encounter. Here are some of the more popular ones.
Some on using OpenSAML for the SAML flow
Some more general
- Convenience methods for OpenSAML
- Getting credentials in OpenSAML
- Verifying signatures with OpenSAML
- Signing with OpenSAML
My book, A Guide to OpenSAML
A Guide to OpenSAML is a short book that introduces SAML, the SAML Web Browser Profile and the use of OpenSAML.
The book has three parts. The first introduces SAML, the SAML Web Browser Profile and OpenSAML. The next part explains the Web Browser Profile in more detail and shows how to implement it using OpenSAML. The last part explains how to use some of the security functions in OpenSAML, like signatures and encryption.
The SAML Web Browser Profile is flexible and can be used in many different ways. The book shows the SAML Web Browser Profile with the following configurations:
- SP initiated Single Sign-On
- Authentication request using HTTP Redirect Binding
- Assertion transported using HTTP Artifact Binding
- SAML Artifact transported using HTTP Redirect Binding
- Artifact resolution using SOAP Binding
The SAML specs
As always, when working with SAML it pays to have the official SAML specs close at hand:
- SAML Core Specs - The main spec for the SAML messages
- SAML Binding Spec - Specs for bindings used to transport the messages
- SAML Profiles Spec - The profiles showing how to use the SAML messages together for a use-case
- SAML Metadata Spec - Specification for SAML configuration data
The official OpenSAML homepage - The official page from Internet2. Has good documentation
Javadoc for OpenSAML - Very useful
Mail lists - The developer list is for OpenSAML discussions. Lots of smart and resourceful people. I have gotten a lot of help from here.