Reputation: 126
After successfully implementing SAML-V2 Service Provider (SP), for supporting some specific use-case, I have to implement my own SAML-2 IdP. After going through the OASIS documentation and many others about the SAML protocol, I have started implementing it (Web Browser SSO Profile) with SP-Initiated SSO: Redirect Bindings only. I am looking for some lean third-party library or Java-based implementation which I can refer to/use to speed up the implementation and customize on top of that.
Would love for any recommendation or suggestion in this direction.
To be specific, I'm looking for any/all of the below:
There is lots of material available for SP. However, very few and complex for IdP. Some of the Java-based implementations which I am already looking at are: Keycloak and Lite-IdP.
Upvotes: 1
Views: 2246
Reputation: 3969
"Very few and complex" is true because building a real-world identity provider is a serious project. OpenSAML as the library is your best option in Java - many enterprise-grade implementations that we know about are built with it. A good, stripped-down example of how to use OpenSAML in IdP context is https://github.com/OpenConext/Mujina .
Lite IdP is written in Go. If you're open to non-Java options, SimpleSAMLphp is excellent, it's certainly better documented than many others.
Upvotes: 2
Reputation: 90
I'd post it as a comment, but I don't have enough reputation. But here you have almost the same question, regarding Spring SAML: using-spring-saml-as-an-idp-rather-than-an-sp
Take a look at Vladimir's answer, I think it's what you're looking for. Here is the link suggested by him.
Cheers
Upvotes: 0