Wednesday, June 26, 2013

SAML : SAML connectivity / toolkit

This is an update to try and categorise this in terms of SAML stacks.

Note that this concerns the SAML protocol, not to be confused with SAML tokens or SAML products.

The links in the original article are still valid.

SAML is complicated. Getting the security right is difficult. My advice is not to roll your own.

Note: I personally haven't tried all of these. This is just a list that may be of use.

C#

The WIF Extension for SAML 2.0 is now deprecated and the links have been removed. It is only applicable for .NET 3.5 and is buggy.

There is NO official Microsoft C# client-side SAML protocol stack.

OneLogin's Open-Source SAML Toolkits and Github.

(Libraries for .NET, Python, Ruby, PHP, Java, node and others).

The Kentor stack is now deprecated.
Use Sustainsys - for .NET Core 2 use this version.

Owin.Security.Saml

Using Fedlets in .NET Applications

OIOSAML

SAML2

Safewhere SAML 2 for WIF

Owin.Security.Saml

Java

OpenSAML

Good book on this - Guide to OpenSAML V3.0 and an earlier version Guide to OpenSAML v2.0

Using Fedlets in Java Web Applications 

OneLogin's Open-Source SAML Toolkits

Spring security SAML

OIOSAML

auth10-java

MITREid Connect

PHP

simpleSAMLphp

LightSAML

OneLogin as above.

Ruby

OneLogin as above.

Python

OneLogin as above.

Commercial

Componentspace

Ultimate .NET SAML

Rock Solid Knowledge
This is for .NET Core 2 and is a plugin for IdentityServer 4.

Identity aaS (as a service)

Auth0 - They do some really neat stuff. Lots of documentation e.g. SAML configuration. See the article at the end of this post.

Other

nugetmusthaves for SAML

SAML articles in this blog

Disclaimer

I do not work for any of the above commercial companies.
------------------------------------------------------------------------------------------

There are two previous posts concerning SAML and libraries:

SAML : A SAML stack

WIF : Is there a Java Equivalent?

which are very much focused around the Microsoft / ADFS / WIF scenario.

But there’s tons of stuff out there concerning this so this is just a collection of links – for me as much as for everyone else!

OpenSAML - C++ / Java – open source

Performing a SAML Post with C#

Single Signon with SAML

SAML Single Sign-On (SSO) Component Suite for .NET – commercial

.NET SAML Component - Single Sign-On for C#, VB.NET & ASP.NET – commercial

onelogin SAML Toolkit – C#, ASP.NET, Java, PHP, Python, Ruby

Libraries and toolkits to develop SAML actors and SAML-enabled services

Working with SAML Assertions

Announcing the WIF Extension for SAML 2.0 Protocol Community Technology Preview!

Collection of Useful SAML Tools

authNauthZ  - A Swiss army knife for Graph API / SAML / OAuth

SAML2 for Thinktecture IdentityServer 3 with Kentor.AuthServices

Auth0 - This is essentially Identity aaS. They do some really neat stuff. Lots of documentation e.g. SAML configuration.

(I wrote up an example here using Auth0 - SAML : ASP.NET MVC application talking to SAML IDP.
The service is free until you go into Production and it's not locked down in any way - you have access to all the features).

Enjoy!

7 comments:

Stefan Rasmusson said...

Hi, I see that you have linked to my book, A Guide to OpenSAML. Just so you know I have now published a new book for version 3 of OpenSAML. Just send me an email and you will get a free copy. Would you mind adding the new book or updating the old link, just so that people do not buy the old when they actually want the new?

nzpcmad said...

Updated!

Stefan Rasmusson said...

Hi, me with the book again =) I have now changed provider of the book once again, due to GDPR disagreements. To prevent these changes in the future, I now have a redirect from my blog to the provider. Do you mind changing to https://blog.samlsecurity.com/a-guide-to-opensamlv3.html for the new book edition and https://blog.samlsecurity.com/a-guide-to-opensamlv2.html for the old?

nzpcmad said...

No problem - Done.

shreeramm said...

Hello,

I have been trying to figure out if SAML based authentication is possible for an Angular 7.x app with Azure AD as identity provider. Here's the link to the question I posed on Stack Overflow, would really appreciate a response.

https://stackoverflow.com/questions/54640672/how-to-implement-saml-based-authentication-for-an-angular-7-x-application-with-a

Sony said...

- Nice article thanks this post share
