
After successfully implementing a SAML-V2 Service Provider (SP), to support a specific use-case I have to implement my own SAML-2 IdP. After going through the OASIS documentation and much other material about the SAML protocol, I have started implementing it.

  • My use-case is just a single profile (Web Browser SSO Profile) with SP-initiated SSO: Redirect binding only.

I am looking for a lean third-party library or Java-based implementation which I can refer to/use to speed up the implementation and customize on top of.

I would love any recommendation or suggestion in this direction.

To be specific, I'm looking for any/all of the below:

  • An easy-to-use open-source library for implementing a SAML-V2 Identity Provider in Java.
  • Detailed documentation/specification for the above profile.
  • Any advice from experts who have past experience implementing such an IdP.

There is lots of material available for SPs. However, there is very little for IdPs, and it is complex. Some of the Java-based implementations which I am already looking at are KeyCloak and Lite-IdP.
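The Redirect-binding use-case in the question, as an added example that is not part of the question or of any library it mentions: the decoding and the first checks an IdP makes on an incoming AuthnRequest. The class and method names are mine; it assumes Java 8+ and a servlet container that has already URL-decoded the SAMLRequest parameter.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.util.Base64;
import java.util.Set;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
public final class RedirectBindingDecoder { // hypothetical class, not from any library named above
    private static final String SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol";
    private static final String SAML = "urn:oasis:names:tc:SAML:2.0:assertion";
    /** Redirect binding = URL-encode(base64(rawDEFLATE(xml))); the container already URL-decoded, so undo base64 + DEFLATE. */
    public static byte[] inflateSamlRequest(String samlRequestParam) throws DataFormatException {
        Inflater inflater = new Inflater(true); // true = raw DEFLATE without zlib header, as the binding specifies
        inflater.setInput(Base64.getDecoder().decode(samlRequestParam));
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        while (!inflater.finished()) {
            int n = inflater.inflate(buf);
            if (n == 0 && inflater.needsInput()) throw new DataFormatException("truncated DEFLATE stream");
            out.write(buf, 0, n);
            if (out.size() > 64 * 1024) throw new IllegalArgumentException("SAMLRequest too large"); // decompression-bomb cap
        }
        inflater.end();
        return out.toByteArray();
    }
    /** Parse the SP-supplied XML with DTDs disabled so it cannot carry XXE, then check the root element. */
    public static Element parseAuthnRequest(byte[] xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml)).getDocumentElement();
        if (!SAMLP.equals(root.getNamespaceURI()) || !"AuthnRequest".equals(root.getLocalName()))
            throw new IllegalArgumentException("root element is not samlp:AuthnRequest");
        return root;
    }
    /** Destination must be this IdP's SSO URL and Issuer a registered SP; returns the ID to echo in InResponseTo. */
    public static String validate(Element req, String idpSsoUrl, Set<String> registeredSpEntityIds) {
        String dest = req.getAttribute("Destination");
        if (!dest.isEmpty() && !dest.equals(idpSsoUrl)) throw new IllegalArgumentException("Destination mismatch");
        NodeList issuers = req.getElementsByTagNameNS(SAML, "Issuer");
        String issuer = issuers.getLength() == 1 ? issuers.item(0).getTextContent().trim() : "";
        if (!registeredSpEntityIds.contains(issuer)) throw new IllegalArgumentException("unregistered SP: " + issuer);
        String id = req.getAttribute("ID");
        if (id.isEmpty()) throw new IllegalArgumentException("AuthnRequest has no ID");
        return id;
    }
}
```

Signature verification for the Redirect binding is over the query string (SAMLRequest, RelayState, SigAlg), not over the XML, and is left to a library such as the ones recommended in the answers.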

Implementing a SAMLv2 compliant IdP is quite some effort. You might even do a compliance test. I wonder why you can not use an existing one, even a free-of-charge one.
Bernhard Thalmayr

2 Answers


"Very few and complex" is true because building a real-world identity provider is a serious project. OpenSAML as the library is your best option in Java - many enterprise-grade implementations that we know about are built with it. A good, stripped-down example of how to use OpenSAML in an IdP context is https://github.com/OpenConext/Mujina.

Lite IdP is written in Go. If you're open to non-Java options, SimpleSAMLphp is excellent, it's certainly better documented than many others.


I'd post it as comment, but I don't have enough reputation. But here you have almost the same question, regarding Spring SAML: using-spring-saml-as-an-idp-rather-than-an-sp

Take a look at Vladimir's answer; I think it's what you're looking for. Here is the link suggested by him.

Cheers