saml-idp
shib-sp
Our great sponsors
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
saml-idp
- SAML Is Insecure by Design
-
The Difficulties of SAML Single Logout
To be fair, SAML itself isn't that difficult -- Shibboleth is just not very good.
I implemented a SAML IdP [0] in MUCH less time than it took to configure Shibboleth. The specification for SAML is pretty easy to comprehend.
The implementation is really an experiment, but the configuration and usability is significantly better. Improving the implementation doesn't affect this. In some closed-source forks I've written a production version that's been in use for several years.
[0] https://github.com/rkeene/saml-idp/blob/master/lib/saml/saml...
shib-sp
-
SAML Is Insecure by Design
How is Shibboleth SP's track record on SAML vulnerabilities, either patching them quickly or avoiding them altogether?
My company needed to implement SAML SP support in one of our products so we could get academic customers, particularly those that are part of the InCommon federation. We contracted with a company that specializes in SAML and Shibboleth to help us get it right. We decided to use Shibboleth SP running in a container; that container also has Apache httpd (as practically required by Shib SP) and a little Python shim app that generates a JWT and passes it back to our main app. Hopefully that's a good way of using the nearest thing to a canonical SAML SP implementation, without running our whole application through Apache httpd. In case anyone's interested, our Shib SP container setup, with the Python shim app, is here:
https://github.com/PneumaSolutions/shib-sp
It's probably still too specific to our application, but might be useful as a starting point for others.
What are some alternatives?
ASP.NET SAML - Very simple SAML 2.0 consumer module for ASP.NET/C#
mundane - Mundane is a Rust cryptography library backed by BoringSSL that is difficult to misuse, ergonomic, and performant (in that order).
fusionauth-issues - FusionAuth issue submission project
fusionauth-samlv2 - SAML v2.0 bindings in Java using JAXB