This project is a server implementation for the Security Assertion Markup Language (SAML) standard written for Go
.
The most important packages of the library:
/pkg /provider definitions and implementation of a SAML provider (Identity provider) /serviceprovider definitions and implementation of a SAML user (Service provider) /xml definitions of SAML xml messages /checker helper to abstract the SAML standard in the processes /signature implementation to handle and create SAML signature
Supported SAML features:
Feature | Identity provider |
---|---|
POST-binding | yes |
Redirect-binding | yes |
Artifact-binding | no |
Request signing | yes |
Response signing | yes |
Metadata signing | yes |
Response encryption | no |
Assertion Query/Request | no |
Attribute Query | yes |
NameID Mapping | no |
For your convenience you can find the relevant standards linked below.
- Security Assertion Markup Language (SAML) V2.0 Technical Overview
- Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
- Bindings for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
- Profiles for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
- Metadata for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
- Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) V2.0 – Errata Composite
- xml.com SAML Specifications
- SAML Developer Tools from Onelogin
For security reasons, we only support and recommend the use of one of the latest three Go versions (:white_check_mark:)
.
Versions that also build are marked with
Version | Supported |
---|---|
<1.19 | ❌ |
1.19 | |
1.20 | ✅ |
1.21 | ✅ |
As of 2021 there are only few SAML
libraries, written in Go
, which handle server and client implementations. As
maintainer of github.com/zitadel/zitadel we are strongly committed to the general
field of IAM (Identity and Access Management) and as such, we need solid frameworks to implement services.
The existing libraries that we evaluated were not implementing the standard strictly. For that reason we developed this project to be compliant to the standard, while still having the possibility to handle outliers.
For signing and signature verification other already existing implementations
like github.com/russellhaering/goxmldsig
(for POST-binding)
and github.com/amdonov/xmlsig
(for redirect-binding).
Supports both IDP and SP side, whereas the IDP side is by their own definition only rudimentary.
https://github.com/russellhaering/gosaml2
Implementation of SP side with no IDP side, works with a lot of identity providers, also has an implementation of the XML signing which is used in this library.
https://github.com/RobotsAndPencils/go-saml
Only SP side, developed for several specific integrations with different IDPs, not an implementation for general SAML.
https://github.com/amdonov/lite-idp
Basic implementation of IDP side more as a standalone service, not that good to integrate into existing product.
The full functionality of this library is and stays open source and free to use for everyone. Visit our website and get in touch.
See the exact licensing terms here
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an " AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.