SimpleSAMLphp

SimpleSAMLphp is an open-source PHP-based Identity Provider (IdP) and Service Provider (SP) implementation of SAML 2.0, with optional support for OpenID Connect (OIDC) via modules. It enables web SSO, federation, and attribute release in self-hosted environments. SimpleSAMLphp is maintained by the UNINETT/NIIF consortium and is widely used in academic federations (e.g., eduGAIN, InCommon) and lightweight enterprise IdP deployments.

Key Capabilities

  • SAML 2.0 IdP and SP: Implements full SAML 2.0 WebSSO, Single Logout, and metadata exchange for federation interoperability.

  • Pluggable authentication sources: Connects to LDAP, Active Directory, SQL, OAuth, or flat-file user stores for identity lookups.

  • OIDC support: Optional OpenID Connect module (from Uninett or community) allows acting as an OIDC Provider (OP) or Relying Party (RP).

  • Attribute release & filtering: Defines per-SP rules for which attributes are released in SAML assertions.

Limitations

  • OIDC/OAuth 2.0 maturity: OIDC support depends on optional modules; there is not enough public information to confirm built-in support for PAR, DPoP, mTLS/FAPI or advanced OAuth security profiles.

  • SCIM provisioning: No SCIM 2.0 provisioning features—focus remains on authentication and attribute release.

  • Admin/ops complexity: Configuration relies on PHP arrays and metadata files; federation metadata and cert rotation are manual.

  • No built-in MFA: Requires integration with external MFA or authentication plugins (e.g., privacyIDEA, LinOTP, Duo).

  • Self-managed: Entirely on-premises; requires PHP/web stack maintenance and periodic security patching.
