Home | Open Source | SimpleSAMLphp


SimpleSAMLphp is an award-winning application written in native PHP, providing authentication and authorization infrastructure based on the Security Assertion Markup Language (SAML). The main focus of SimpleSAMLphp is to provide support for SAML 2.0 Service Provider (SP) and SAML 2.0 Identity Provider (IdP). It also can support Shibboleth 1.3 and Central Authentication Service (CAS).

Federated Identity Solution

SimpleSAMLphp is both a full-featured SAML IdP and SAML SP in one package, and besides Shibboleth, is the only other SAML implementation recommended for InCommon® Federation participants. It can be the core of a federated single sign-on environment. Since SimpleSAMLphp is written in PHP, it is a particularly convenient and flexible option for integration of PHP applications into a federation. SimpleSAMLphp can be easily integrated with, and through, a wide variety of authentication and attribute sources and protocols, including LDAP, SQL ServerTM, Radius, SAML, CAS, OAuth, YubiKeyTM, etc.

A key distinguishing feature of SimpleSAMLphp is the ease of using it as an IdP Proxy, sitting between services on one side and any number of IdPs on the other side. An IdP Proxy is a gateway that allows multiple IdPs/ authentication sources to appear to be a single IdP to the services on the other side of the IdP Proxy. This can be a particularly useful feature for higher education systems composed of multiple colleges and universities, for statewide K-12 efforts, or for adding support for social identity logins to authentication services. Note that the IdPs on the “authentication side” of SimpleSAMLphp can be any combination of SAML IdPs (e.g. Shibboleth), CAS Servers, LDAP/ Active Directory servers, social IdP/ authentication sources including GoogleTM, Facebook®, LinkedIn®, etc. This makes SimpleSAMLphp a powerful tool for the complex authentication needs of any institution, organization, or company.

SimpleSAMLphp has many extension points and a wide range of pre-built processing filters that can be applied before replying to an authentication request or after receiving one. It is easy to manipulate attributes, create new attributes, remove attributes, or any other changes that are needed to ensure a service receives exactly the attributes it needs – but no more. Almost any change can be “live” immediately, and being in PHP, the barriers to extending the code are low.

Commercial Support

Unicon offers commercial technical support for SimpleSAMLphp through its Open Source Support program, which provides enterprise commercial support and consulting for open source projects. This SLA-driven program is backed by an accountable team of open source experts, each possessing deep experience within the supported open source projects.

Unicon’s experts provide high confidentiality and guaranteed response times during business hours or around the clock. Take advantage of a flexible, customizable open source support service with direct access to a dedicated team of developers, consultants, and system administrators. This unique, innovative support model grants access to expert support resources for any type of issue encountered. All support cases are handled directly by experts from the start.