The Big OpenSAML Guide

This is the main page on the site where I guide you to all resources on OpenSAML. Here you will find all topics, from beginner to advanced, that I have collected over the years.

First, for those of you who are totally new to OpenSAML, here is a short introduction.

What is OpenSAML?

OpenSAML is a library to facilitate working with SAML messages. Below are some of the functions that OpenSAML provides:

  • Creating SAML messages
  • Parsing and exporting SAML objects as XML
  • Signing and encryption
  • Encoding and message transport

Internet2 provides and supports the library. Shibboleth products, produced by Internet2, are one example of identity solutions that utilize the OpenSAML library.

The OpenSAML library is available in Java and C++; however, not all functions are provided in both versions. OpenSAML is licensed under Apache 2.0 and the latest version of OpenSAML supports SAML 2.0, 1.1 and 1.0.

For the beginner

Getting started with OpenSAML 4 - This is a tutorial for getting started with OpenSAML 4, the most current version of the library. In this tutorial I will walk you through the basics of OpenSAML, adding it to your project and building your first SAML message. It is a good starting point for anyone new to SAML.

Getting started with OpenSAML 3 - This tutorial is similar to the one above, but for OpenSAML version 3 instead of 4.

The SAML Web browser SSO flow

Single LogOut

Things needed here and there

  • Convenience methods for OpenSAML - Collection of popular helper methods to ease the load of working with OpenSAML. For example, creating and logging messages.
  • Getting credentials in OpenSAML - It is not straightforward how to use private and public keys to do cryptographic operations in OpenSAML. This tutorial walks you through it.
  • Signing with OpenSAML - Signing is the cryptographic way to ensure that a message has not been changed since it was sent by the sender. This article walks you through how to do this in OpenSAML.
  • Verifying signatures with OpenSAML - Of course, it is not much use to have a signed message if you do not know how to check that the signature is valid. This article will show you how to do it in OpenSAML 4.

Books on OpenSAML

To dig deeper into OpenSAML and connect all the dots, I have written a book on the subject.

A Guide to OpenSAML guides you through all steps of using OpenSAML including:

  • A basic understanding of Single Sign-On with OpenSAML
  • A migration guide for migrating from OpenSAML V2 to V3
  • Running sample code to try things out
  • A walkthrough of the steps needed to implement SSO in OpenSAML
  • Usage of popular bindings and useful security features

SAML 2.0: Designing secure identity federation is not really a book on OpenSAML, but as you will understand when learning OpenSAML, you need a very good understanding of SAML to build something good and secure using OpenSAML.

Walking through all topics from introduction to advanced, you will learn:

  • To fully understand SAML and identity federation
  • Workings of the main building blocks like NameId, bindings and assertions
  • How Single Sign-On and Single Logout work in detail
  • Different architectural choices and implementation alternatives
  • Security best practices and considerations
  • Previous security vulnerabilities and what can be learned from them

The SAML specs

As always, when working with SAML it pays off to have the official SAML specs close at hand.

Other resources

The official OpenSAML homepage - The official page from Internet2.

Javadoc for OpenSAML - Very useful