Lasso is a free software C library aiming to implement the Liberty Alliance standards; it defines processes for federated identities, single sign-on and related protocols. Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).
We strongly recommend the use of the GNU General Public License each time it is possible. But for proprietary projects, that wouldn't want to use it, we designed a commercial license.
Lasso first focused on implementing the Liberty Alliance ID-FF 1.2 protocols. It now supports a good part of ID-WSF and SAML 2.0 support has also been completed.
SWIG is used to provide high-level bindings for other languages. Currently tested and distributed bindings are Python, Perl, Java and PHP as well as preliminary .NET assemblies (for C# and the .NET runtime environment).
It is primarly developed on GNU/Linux and works on many UNIX environments (including Apple MacOS X) and on Microsoft Windows.
Support Matrix
Lasso is just a library, it is up to the applications to use it to implement profiles defined by the Liberty Alliance. Lasso currently provides support for the following profiles:
| Feature | IdP | SP |
|---|---|---|
| Single Sign-On using Artifact Profile | OK | OK |
| Single Sign-On using Browser POST Profile | OK | OK |
| Single Sign-On using LECP Profile | OK | OK |
| Register Name Identifier - (IdP Initiated) - HTTP-Redirect | OK | OK |
| Register Name Identifier - (IdP Initiated) - SOAP/HTTP | OK | OK |
| Register Name Identifier - (SP Initiated) - HTTP-Redirect | OK | OK |
| Register Name Identifier - (SP Initiated) - SOAP/HTTP | OK | OK |
| Federation Termination Notification (IdP Initiated) - HTTP-Redirect | OK | OK |
| Federation Termination Notification (IdP Initiated) - SOAP/HTTP | OK | OK |
| Federation Termination Notification (SP Initiated) - HTTP-Redirect | OK | OK |
| Federation Termination Notification (SP Initiated) - SOAP/HTTP | OK | OK |
| Single Logout (IdP Initiated) HTTP-Redirect | OK | OK |
| Single Logout (IdP Initiated) HTTP-GET | OK | OK |
| Single Logout (IdP Initiated) SOAP | OK | OK |
| Single Logout (SP Initiated) HTTP-Redirect | OK | OK |
| Single Logout (SP Initiated) SOAP | OK | OK |
| Identity Provider Introduction (cookie) | OK | OK |
| Attribute Query SOAP | OK | OK |
| Authorization Decision Query SOAP | OK | OK |