OpenSAML-Java is a low-level library written in Java that provides support for producing and consuming SAML messages, creating and evaluating digitally signed and encrypted content, and working with SAML bindings. Extensive support for consuming SAML metadata is also provided, along with an API for establishing security policies around the consumption of SAML messages.
This library is intended for people needing to write SAML identity providers, service providers, and certain types of advanced clients. It is not by itself an implementation of any of those things, and developers are strongly encouraged to evaluate existing products before creating their own as doing so is a lot of work and prone to error unless you have significant expertise in SAML. The low-level nature of the library and lack of documentation makes the software a poor choice for beginners or those without extensive background in the area.
- Java bean APIs for constructing and interrogating SAML messages.
- Active management of the underlying DOM structure (necessary for robust digital signature and encryption support).
- Support for trust models based on SAML metadata and PKI.
- Pluggable APIs for handling cryptographic keys and certificates and many other library features.
- Basic support for SAML message bindings.