Rory Braybrook
Jan 31, 2018 · 4 min read

I see this question over on stackoverflow every day.

“My boss says we have to make the application SAML compliant so we can authenticate with a SAML IDP. I’m lost”

or

“I’m trying to build up a SAML Request with the C# class xxx and it’s not working”.

First off, do not try and roll your own. SAML is complicated — just ask the people that wrote the stacks 😄

Let’s have a look at what’s out there:

(and chocolate fish for nzpcmad for his contribution).

Some of these are commercial; some are written and maintained by dedicated people who do a superb job. If you use their stack, please consider donating.

Disclaimer: I have not personally tried all of these — “*” marks the ones I have used.

By language:

C#

Once upon a time, Microsoft announced the WIF Extension for SAML 2.0. It never went anywhere, there were never any bug fixes, it was deprecated and the links have been removed. It was only applicable for .NET 3.5 and was buggy.

There is NO repeat NO official Microsoft C# client-side SAML protocol stack.

1. OneLogin

OneLogin has implemented and open-sourced SAML toolkits for five different web development platforms.

These are ASP.NET, Python, Ruby, PHP and Java.

Also, OneLogin’s Open-Source SAML Toolkits and Github.

2. Sustainsys *

The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider (SP).

The library was previously named Kentor.AuthServices.

They have implemented a stack for .NET Core 2 — use this version.

It can also be used as a plugin for IdentityServer 4 (SP only).

3. OWIN.Security.SAML

Owin middleware to implement the SAML2 Protocol as a Service Provider.

Have a look at Owin.Security.Saml

4. OIOSAML

This is a Danish contribution and the web site is in Danish.

OIOSAML.

5. SAML2

A .NET implementation of the SAML 2.0 specification for SP integrations.

SAML2

6. Safewhere SAML2

SAML 2.0 for WIF is a DLL-file that extends the Windows Identity Foundation with native support for the SAML 2.0 protocol.

7. AspNetSaml

A very simple SAML 2.0 “consumer” implementation in C# (i.e. allows adding SAML single-sign-on to your ASP.NET app, but not to provide auth services to other applications).

Java

OneLogin and OIOSAML as above.

1. OpenSAML

OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language (SAML). OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.

OpenSAML

Good book on this — A Guide to OpenSAML V3.0 and the earlier version — A Guide to OpenSAML V2.0

2. Spring Security

Spring Security SAML Extension allows seamless combination of SAML 2.0 and authentication and federation mechanisms in a single application.

All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS, Okta, Shibboleth, OpenAM, Efecte EIM or Ping Federate) can be used to connect with the extension.

Spring security

3. auth10

This library speaks the WS-Federation protocol and SAML 1.1 and 2.0 tokens. It interops fine with Microsoft-related products like ADFS, Windows Azure Active Directory and Windows Identity Foundation.

auth10-java

PHP

OneLogin as above.

1. SimpleSAMLphp

SimpleSAMLphp is an award-winning application written in native PHP that deals with authentication. The project is led by UNINETT, has a large user base, a helpful user community and a large set of external contributors. The main focus of SimpleSAMLphp is providing support for:

SimpleSAMLphp

2. LightSAML

LightSAML is a stack of PHP libraries and bundles implementing OASIS’ SAML 2.0 protocol.

LightSAML

Ruby

OneLogin as above.

Python

1. OneLogin as above.

2. PySAML2

PySAML2 is a pure Python implementation of SAML2. It contains all necessary pieces for building a SAML2 service provider or an identity provider.

Node.js

1. Passport SAML

The original implementation.

This is a SAML 2.0 authentication provider for Passport, the Node.js authentication library.

The code was originally based on Michael Bosworth’s express-saml library.

Passport-SAML has been tested to work with Onelogin, Okta, Shibboleth, SimpleSAMLphp based Identity Providers, and with Active Directory Federation Services.

2. Passport SAML (bergie)

This is “bergie SAML”, an alternative fork of Passport SAML.

3. saml2.js (“clever SAML”)

saml2-js is a node module that abstracts away the complexities of the SAML protocol behind an easy to use interface.

Commercial

1. ComponentSpace *

ComponentSpace SAML SSO solutions are fully functional and flexible components that quickly and easily plug directly into your existing ASP.NET and ASP.NET Core web applications.

Componentspace

There is also a SAML v2.0 for ASP.NET Core product.

It can also be used as a plugin for IdentityServer 4.

2. Rock Solid Knowledge *

This is for .NET Core 2 and is a plugin for IdentityServer 4.

Rock Solid Knowledge

Identity aaS (as a service)

There are a number of SaaS products that can handle SAML.

Examples:

Tools

Just for completeness!

1. ADFSHelp

Tools to diagnose ADFS. Includes SAML functionality.

2. OneLogin

Set of SAML tools.

3. SAML decoder

Decoder from Auth0.

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Written by Rory Braybrook

NZ Microsoft Identity dude. Microsoft MVP. Azure AD/B2C/ADFS. Plus Auth0/identityserver. N. Shore .NET UG Admin. Presentations: http://bit.ly/334ZPt5
