Lasso is a free software C library aiming to implement the Liberty Alliance standards; it defines processes for federated identities, single sign-on and related protocols. Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).

We strongly recommend the use of the GNU General Public License each time it is possible. But for proprietary projects, that wouldn't want to use it, we designed a commercial license.

Lasso first focused on implementing the Liberty Alliance ID-FF 1.2 protocols. It now supports a good part of ID-WSF and SAML 2.0 support has also been completed.

SWIG is used to provide high-level bindings for other languages. Currently tested and distributed bindings are Python, Perl, Java and PHP as well as preliminary .NET assemblies (for C# and the .NET runtime environment).

It is primarly developed on GNU/Linux and works on many UNIX environments (including Apple MacOS X) and on Microsoft Windows.

Support Matrix

Lasso is just a library, it is up to the applications to use it to implement profiles defined by the Liberty Alliance. Lasso currently provides support for the following profiles:

Supported Liberty protocol profiles
Feature IdP SP
Single Sign-On using Artifact Profile OK OK
Single Sign-On using Browser POST Profile OK OK
Single Sign-On using LECP Profile OK OK
Register Name Identifier - (IdP Initiated) - HTTP-Redirect OK OK
Register Name Identifier - (IdP Initiated) - SOAP/HTTP OK OK
Register Name Identifier - (SP Initiated) - HTTP-Redirect OK OK
Register Name Identifier - (SP Initiated) - SOAP/HTTP OK OK
Federation Termination Notification (IdP Initiated) - HTTP-Redirect OK OK
Federation Termination Notification (IdP Initiated) - SOAP/HTTP OK OK
Federation Termination Notification (SP Initiated) - HTTP-Redirect OK OK
Federation Termination Notification (SP Initiated) - SOAP/HTTP OK OK
Single Logout (IdP Initiated) ­ HTTP-Redirect OK OK
Single Logout (IdP Initiated) ­ HTTP-GET OK OK
Single Logout (IdP Initiated) ­ SOAP OK OK
Single Logout (SP Initiated) ­ HTTP-Redirect OK OK
Single Logout (SP Initiated) ­ SOAP OK OK
Identity Provider Introduction (cookie) OK OK
Attribute Query SOAP OK OK
Authorization Decision Query SOAP OK OK