ePrivacy and GPDR Cookie Consent by Cookie Consent


On this page I have tried to create the ultimate pitstop for people trying to learn and use the OpenSAML library.

I'll start out with an introduction to OpenSAML and move on to a some resources that might be of help. I will also introduce my blog post on this subject and my book, A Guide to OpenSAML.

What is OpenSAML?

OpenSAML is a library to facilitate working with SAML messages. Below are some of the functions that OpenSAML provides:

  • Creating SAML messages
  • Parsing and exporting SAML objects as XML
  • Signing and encryption
  • Encoding and message transport

Internet2 provides and supports the library. Shibboleth products, produced by internet2, are one of the examples of identity solutions that utilize the OpenSAML library.

The OpenSAML library is available in Java and C++, however; not all functions are provided in both versions. OpenSAML is licensed under Apache 2.0 and the latest version of OpenSAML supports SAML 2.0, 1.1 and 1.0.

Helpful resources

My blog posts

When I work with OpenSAML I try to spend some time to blog about different situation and problems I encounter. Here are some of the more popular.

Some on using OpenSAML for the SAML flow

Some more general

Read all my posts on OpenSAML

My book, A Guide to OpenSAML

A Guide to OpenSAML is a short book that introduces SAML, the SAML Web Browser Profile and the use of OpenSAML.

Buy the book on Payhip!

The book has three parts, the first of which introduces SAML, SAML Web Browser Profile and OpenSAML. The next part goes deeper into explaining the Web Browser Profile more in detail and shows how to implement it using OpenSAML. The last part explains how to use some of the security functions in OpenSAML, like signatures and encryption.

The SAML Web Browser Profile is flexible and can be used in many different ways. The book shows the SAML Web Browser Profile with the following configurations:

  • SP initiated Single Sign-On
  • Authentication request using HTTP Redirect Binding
  • Assertion transported using HTTP Artifact Binding
  • SAML Artifact transported using HTTP Redirect Binding
  • Artifact resolution using SOAP Binding

The SAML specs

As always, when working with SAML it pays of having the official SAML specs close at hand

Other resource

The official OpenSAML homepage - The official page from Internet2. Has good documentation

Javadoc for OpenSAML - Very useful

Mail lists - The developer list is for OpenSAML discussions. Lots of smart and resourceful people. I have gotten a lot of help from here.