
SimpleSAMLphp

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
SimpleSAMLphp
Name: SimpleSAMLphp
Title: SimpleSAMLphp
Developer: Christoffer Areskoug; contributors
Released: 2009
Programming language: PHP
Operating system: Linux, FreeBSD, Microsoft Windows
Genre: Identity management, Single sign-on
License: BSD license

SimpleSAMLphp is an open-source software package for implementing federated authentication and single sign-on in PHP environments. It provides Service Provider and Identity Provider functionality for protocols such as SAML 2.0, Shibboleth, and OAuth 2.0, which are used across academic, corporate, and governmental federations. Widely adopted by universities, research organizations, and enterprises, it integrates with directory services and web applications to enable cross-domain authentication across infrastructures like eduGAIN, InCommon, and CANARIE.

Overview

SimpleSAMLphp was initiated to simplify deployment of SAML 2.0 and related protocols in PHP stacks used by institutions such as the University of Oxford, the Massachusetts Institute of Technology, and the University of Cambridge. The project ecosystem intersects with federations and initiatives including eduGAIN, InCommon, TERENA, GÉANT, and SURFnet. SimpleSAMLphp implements both Identity Provider and Service Provider roles comparable to those of Shibboleth, while aiming for easier configuration and broader application-layer integration with platforms like Drupal, WordPress, Joomla!, Moodle, and MediaWiki.

Features and Architecture

The architecture separates protocol handling, authentication sources, and session management so that it can interoperate with components such as Lightweight Directory Access Protocol (LDAP) directories and Active Directory. Core features include support for SAML 2.0, SAML 1.1, OAuth 2.0, OpenID Connect, attribute mapping, metadata aggregation, and a modular authentication pipeline akin to the middleware used by Apache HTTP Server modules and Nginx. The software includes metadata handling comparable to Shibboleth metadata managers, signature verification and encryption routines using libraries associated with OpenSSL and phpseclib, and administration user interfaces inspired by patterns from the Django admin and WordPress dashboards.

Installation and Configuration

Deployment typically requires a LAMP or LEMP stack on operating systems like Debian, Ubuntu, CentOS, or Red Hat Enterprise Linux. Administrators configure SimpleSAMLphp via PHP configuration files, metadata XML similar to SAML 2.0 descriptors, and integration with web servers such as Apache HTTP Server and Nginx. Common integration steps mirror procedures used by Shibboleth Consortium adopters and involve coordinating with federations like InCommon and eduGAIN to exchange metadata and trust anchors. For authentication sources, connectors to LDAP, Microsoft Active Directory, and Kerberos realms are commonly used, reflecting patterns from MIT Kerberos deployments.

Authentication Protocols and Integrations

SimpleSAMLphp supports a range of protocols in the identity and federation landscape, including SAML 2.0, SAML 1.1, OAuth 2.0, OpenID Connect, and legacy Shibboleth-style interoperability. Integration points include institutional identity providers like LDAP directories, Active Directory Federation Services, and research identity services used by CERN (the European Organization for Nuclear Research), alongside application platforms such as Moodle, Drupal, WordPress, and enterprise portals based on Liferay. It also interoperates with federation operators and trust frameworks exemplified by eduGAIN, InCommon, and national federations like FAPESP-linked services or SURFnet.

Security and Privacy Considerations

Security functionality addresses signing, encryption, and certificate management, leveraging cryptographic libraries such as OpenSSL and best practices promoted by entities like OWASP and standards bodies such as OASIS. Privacy considerations include attribute minimization, consent handling, and pseudonymization patterns recommended by European Commission privacy frameworks and by regulations such as the General Data Protection Regulation, as reflected in compliance activities at institutions like the University of Amsterdam or the Max Planck Society. Operational security involves monitoring, hardening against the common web threats identified by the OWASP Top Ten, and coordinating metadata updates with federation operators like GÉANT.
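As an added example (not part of the original article, and not the project's shipped configuration), the signing, encryption, and attribute-minimization points above could map to a Service Provider entry in config/authsources.php as follows. Entity IDs, host names, and key file names are placeholders, and the released attribute list is an assumption about what the application needs.

```php
<?php
// config/authsources.php fragment (added example; all identifiers are placeholders).
$config = [
    'default-sp' => [
        'saml:SP',

        // Placeholder entity IDs; naming one IdP here pins the SP to it
        // instead of accepting any IdP present in the loaded metadata.
        'entityID' => 'https://sp.example.org/saml',
        'idp'      => 'https://idp.example.org/saml2/idp/metadata.php',

        // Key pair (placeholder file names) used to sign outgoing messages
        // and to decrypt assertions encrypted to this SP.
        'privatekey'  => 'sp.example.org.pem',
        'certificate' => 'sp.example.org.crt',

        // Sign what the SP sends.
        'sign.authnrequest' => true,
        'sign.logout'       => true,

        // Require protection on what the IdP returns.
        'WantAssertionsSigned' => true,
        'assertion.encryption' => true,
        'signature.algorithm'  => 'http://www.w3.org/2001/04/xmldsig-more#rsa-sha256',

        // Attribute minimization: drop every attribute the application
        // does not need before it reaches the session.
        'authproc' => [
            50 => [
                'class' => 'core:AttributeLimit',
                'eduPersonPrincipalName',
                'mail',
            ],
        ],
    ],
];
```

With `WantAssertionsSigned` and `assertion.encryption` enabled, responses carrying unsigned or unencrypted assertions are rejected, so both settings need to be agreed with the IdP or federation operator before rollout.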

Development, Extensibility, and Community

Development is maintained by contributors and institutions, with governance patterns mirroring other open-source projects such as Apache Software Foundation projects and community-driven efforts at the Linux Foundation. The extensibility model supports custom authentication modules, attribute processing filters, and UI theming used by deployments at MIT, Stanford University, the University of California, Berkeley, and research labs including CERN. Community interaction occurs via mailing lists, issue trackers, and code hosting approaches similar to those used by GitHub-hosted ecosystems, with continuous integration practices from projects like Travis CI and Jenkins.

Deployment and Use Cases

Typical use cases include enabling single sign-on for learning management systems like Moodle, library services at institutions on the scale of the British Library, collaborative platforms used in Horizon 2020 projects, and corporate portals integrating with Active Directory Federation Services. Deployments range from campus-wide federation participation in eduGAIN to enterprise federations in sectors such as healthcare and research, aligning with trust frameworks similar to InCommon and compliance regimes like GDPR. The software's lightweight PHP footprint makes it suitable for cloud-hosted environments on providers such as Amazon Web Services and Microsoft Azure, and for institutional data centers following practices from National Institutes of Health-funded projects.
