Interoperability
SAML 2.0 Conformance Event
Lasso participated in the conformance event organized by the Liberty Alliance and hosted at ETSI in December 2006. During a week Lasso and other implementations were tested together and Lasso was then recognized as conformant ot SAML 2.0 specifications.
ID-FF 1.2 Conformance Event
To achieve Liberty Alliance certification a solution must be successfully tested against several others during a workshop week. In order to achieve the interoperability certification for a single role/profile, an implementation must complete the test sequence in conjunction with at least two other implementations in each of the complementary roles.
In May 2005 Lasso has passed these series of comprehensive interoperability conformance tests. It is therefore part of Liberty Alliance Project interoperable products list.
Work in progress: SAML 2.0 support
Development of SAML 2.0 support is ongoing and, thanks to the general availability of a few implementations, some tests have been done.
OpenSSO
Access Manager is listed as a certified SAML 2.0 implementation and OpenSSO code is said to be Access Manager code but OpenSSO did not have any federation or cross-domain SSO support. Federation support is part of Sun Java System Federation Manager, which was not available as open source by the time of those tests.
Sun Java System Federation Manager has been integrated into OpenSSO (as openfm) on November 6th 2006. It has been added to our testing agenda.
Lightbulb
Aside OpenSSO is a small project, lightbulb, which aims to implement SAML 2.0 support in pure PHP. It is not certified and only implements SAML 2.0 SSO POST.
Those tests have last been conducted on November 2nd 2006.
| Protocol | SP | IdP | Initiated by | Profile | Test |
|---|---|---|---|---|---|
| Single Sign-On & Federation | Lightbulb | Lasso | SP | redirect/post/federated | OK |
zxid
zxid is different things, including a SAML 2.0 service provider as CGI program. It is free software (license is Apache License 2.0 and is developed by Sampo Kellomäki, of Symlabs fame.
Those tests have last been conducted on November 6th 2006.
| Protocol | SP | IdP | Initiated by | Profile | Test |
|---|---|---|---|---|---|
| Single Sign-On & Federation | zxid | Lasso | SP | redirect/artifact/federated | OK |
| redirect/artifact/none | Not tested | ||||
| post/artifact/federated | N/I | ||||
| post/artifact/none | N/I | ||||
| redirect/post/federated | OK | ||||
| redirect/post/none | Not tested | ||||
| Single Logout | zxid | Lasso | SP | SOAP | OK |
| redirect | OK | ||||
| IdP | SOAP | Error | |||
| redirect | Not tested | ||||
| get | Not tested | ||||
| Name ID Management (only federation termination in zxid) | zxid | Lasso | SP | SOAP | OK |
| redirect | OK | ||||
| IdP | SOAP | Error | |||
| redirect | Not tested |
- Error with federation termination requested from Lasso to zxid : SOAP message POSTed to correct URL (zxid?o=S) but HTML document answer from this URL.
- Error with single logout requested from Lasso to zxid : SOAP message POSTed to correct URL (zxid?o=S) but HTML document answer from this URL.
Symlabs Federated Identity Access Manager
Symlabs FIAM is a complete identity management solution, certified as SAML 2.0 conformant in July 2005. There is a free evaluation version available on their website.
Those tests have last been conducted on December 2nd 2006.
| Protocol | SP | IdP | Initiated by | Profile | Test |
|---|---|---|---|---|---|
| Single Sign-On & Federation | Lasso | SFIAM | SP | redirect/artifact/federated | OK |
| redirect/artifact/transient | OK | ||||
| redirect/post/federated | OK | ||||
| redirect/post/transient | OK | ||||
| IdP | redirect/artifact/federated | OK | |||
| redirect/post/federated | OK | ||||
| SFIAM | Lasso | SP | redirect/artifact/federated | OK | |
| redirect/artifact/transient | OK | ||||
| redirect/artifact/encrypted | OK | ||||
| redirect/post/federated | OK | ||||
| redirect/post/transient | OK | ||||
| redirect/post/encrypted | OK | ||||
| IdP | redirect/artifact/federated | OK | |||
| redirect/artifact/encrypted | OK | ||||
| redirect/post/federated | OK | ||||
| redirect/post/encrypted | OK | ||||
| Single Logout | Lasso | SFIAM | SP | SOAP | OK |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| get | OK | ||||
| SFIAM | Lasso | SP | SOAP | OK | |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| get | OK | ||||
| Name ID Management | Lasso | SFIAM | SP | SOAP | Not tested |
| redirect | Not tested | ||||
| IdP | SOAP | Not tested | |||
| redirect | Not tested | ||||
| SFIAM | Lasso | SP | SOAP | OK | |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | Not tested |
Old tests
ID-FF 1.2 against SourceID
Prior to the conformance event we tested Lasso ID-FF support against SourceID.
SourceID is an open source multi-protocol project for enabling identity federation and cross-boundary security. It implements ID-FF 1.2 and has been stamped as "Liberty Interoperable". Web site: www.sourceid.org. Lasso interoperability last tested with Lasso 0.6.0 on January 24th.
| Protocol | SP | IdP | Initiated by | Profile | Test |
|---|---|---|---|---|---|
| Single Sign-On & Federation | Lasso | SourceID | SP | redirect/artifact/federated | OK |
| redirect/artifact/none | OK | ||||
| post/artifact/federated | OK | ||||
| post/artifact/none | OK | ||||
| redirect/post/federated | OK | ||||
| redirect/post/none | OK | ||||
| post/post/federated | OK | ||||
| post/post/none | OK | ||||
| IdP | artifact/any | OK | |||
| SourceID | Lasso | SP | redirect/artifact/federated | OK | |
| post/post/federated | OK | ||||
| IdP | artifact/any | OK | |||
| Single Logout | Lasso | SourceID | SP | SOAP | OK |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| get | OK | ||||
| SourceID | Lasso | SP | SOAP | OK | |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| get | OK | ||||
| Federation Termination | Lasso | SourceID | SP | SOAP | OK |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| SourceID | Lasso | SP | SOAP | OK | |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| Register Name Identifier | Lasso | SourceID | SP | SOAP | OK |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK | ||||
| SourceID | Lasso | SP | SOAP | OK | |
| redirect | OK | ||||
| IdP | SOAP | OK | |||
| redirect | OK |