Interoperability

SAML 2.0 Conformance Event

Lasso participated in the conformance event organized by the Liberty Alliance and hosted at ETSI in December 2006. During a week Lasso and other implementations were tested together and Lasso was then recognized as conformant ot SAML 2.0 specifications.

ID-FF 1.2 Conformance Event

To achieve Liberty Alliance certification a solution must be successfully tested against several others during a workshop week. In order to achieve the interoperability certification for a single role/profile, an implementation must complete the test sequence in conjunction with at least two other implementations in each of the complementary roles.

In May 2005 Lasso has passed these series of comprehensive interoperability conformance tests. It is therefore part of Liberty Alliance Project interoperable products list.

Work in progress: SAML 2.0 support

Development of SAML 2.0 support is ongoing and, thanks to the general availability of a few implementations, some tests have been done.

OpenSSO

Access Manager is listed as a certified SAML 2.0 implementation and OpenSSO code is said to be Access Manager code but OpenSSO did not have any federation or cross-domain SSO support. Federation support is part of Sun Java System Federation Manager, which was not available as open source by the time of those tests.

Sun Java System Federation Manager has been integrated into OpenSSO (as openfm) on November 6th 2006. It has been added to our testing agenda.

Lightbulb

Aside OpenSSO is a small project, lightbulb, which aims to implement SAML 2.0 support in pure PHP. It is not certified and only implements SAML 2.0 SSO POST.

Those tests have last been conducted on November 2nd 2006.

Lasso / Lightbulb Compatibility Matrix
Protocol SP IdP Initiated by Profile Test
Single Sign-On & Federation Lightbulb Lasso SP redirect/post/federated OK

zxid

zxid is different things, including a SAML 2.0 service provider as CGI program. It is free software (license is Apache License 2.0 and is developed by Sampo Kellomäki, of Symlabs fame.

Those tests have last been conducted on November 6th 2006.

Lasso / zxid Compatibility Matrix
Protocol SP IdP Initiated by Profile Test
Single Sign-On & Federation zxid Lasso SP redirect/artifact/federated OK
redirect/artifact/none Not tested
post/artifact/federated N/I
post/artifact/none N/I
redirect/post/federated OK
redirect/post/none Not tested
Single Logout zxid Lasso SP SOAP OK
redirect OK
IdP SOAP Error
redirect Not tested
get Not tested
Name ID Management (only federation termination in zxid) zxid Lasso SP SOAP OK
redirect OK
IdP SOAP Error
redirect Not tested

Symlabs Federated Identity Access Manager

Symlabs FIAM is a complete identity management solution, certified as SAML 2.0 conformant in July 2005. There is a free evaluation version available on their website.

Those tests have last been conducted on December 2nd 2006.

Lasso / SFIAM Compatibility Matrix
Protocol SP IdP Initiated by Profile Test
Single Sign-On & Federation Lasso SFIAM SP redirect/artifact/federated OK
redirect/artifact/transient OK
redirect/post/federated OK
redirect/post/transient OK
IdP redirect/artifact/federated OK
redirect/post/federated OK
SFIAM Lasso SP redirect/artifact/federated OK
redirect/artifact/transient OK
redirect/artifact/encrypted OK
redirect/post/federated OK
redirect/post/transient OK
redirect/post/encrypted OK
IdP redirect/artifact/federated OK
redirect/artifact/encrypted OK
redirect/post/federated OK
redirect/post/encrypted OK
Single Logout Lasso SFIAM SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
get OK
SFIAM Lasso SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
get OK
Name ID Management Lasso SFIAM SP SOAP Not tested
redirect Not tested
IdP SOAP Not tested
redirect Not tested
SFIAM Lasso SP SOAP OK
redirect OK
IdP SOAP OK
redirect Not tested

Old tests

ID-FF 1.2 against SourceID

Prior to the conformance event we tested Lasso ID-FF support against SourceID.

SourceID is an open source multi-protocol project for enabling identity federation and cross-boundary security. It implements ID-FF 1.2 and has been stamped as "Liberty Interoperable". Web site: www.sourceid.org. Lasso interoperability last tested with Lasso 0.6.0 on January 24th.

Lasso / SourceID Compatibility Matrix
Protocol SP IdP Initiated by Profile Test
Single Sign-On & Federation Lasso SourceID SP redirect/artifact/federated OK
redirect/artifact/none OK
post/artifact/federated OK
post/artifact/none OK
redirect/post/federated OK
redirect/post/none OK
post/post/federated OK
post/post/none OK
IdP artifact/any OK
SourceID Lasso SP redirect/artifact/federated OK
post/post/federated OK
IdP artifact/any OK
Single Logout Lasso SourceID SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
get OK
SourceID Lasso SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
get OK
Federation Termination Lasso SourceID SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
SourceID Lasso SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
Register Name Identifier Lasso SourceID SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK
SourceID Lasso SP SOAP OK
redirect OK
IdP SOAP OK
redirect OK