SAML Server
Background
Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions).
Yubico partners with third-party online SAML identity services to offer several YubiKey-enabled SAML providers to our customers. We also encourage various free software projects to implement support for YubiKey in their SAML packages.
Yubico SAML demo service
Yubico hosts a basic test SAML server, intended for testing SAML with Google Apps Premier Edition.
Wiki page with instructions on how to test our SAML server:
The administrative interface to the SAML Server:
» https://saml.yubico.com/admin/
Video demonstrating the Yubico SAML Server in action:
» http://www.vimeo.com/4163662
Shibboleth
Shibboleth is the leading SAML implementation used in higher education federations around the world. YubiKey authentication is possible with the Yubico JAAS module found in the Yubico Java client:
» http://code.google.com/p/yubico-java-client/
Multifactor authentication with Shibboleth is possible with the multifactor login handler contributed to the community by Yubico:
» https://wiki.shibboleth.net/confluence/x/aYBC
simpleSAMLphp
simpleSAMLphp is a simple PHP application that performs authentication and supports several federation protocols, including SAML.
Download implementations:
» simpleSAMLphp
» Andreas's blog entry about his work
» Yubico's SAML administration tool
Third party SAML providers
Enterprise-class SAML servers and services supporting the YubiKey include:
» OneLogin
» Clavid
» ForgeRock
» Svensk e-identitet
» Technical description of Svensk e-identitet SAML service used by Swedish schools
