
I am working on a product (service provider) which uses SAML 2.0 for authentication purposes. Having said that, I wanted to know what you all think are the top and most trusted identity providers in the market that support SAML 2.0, and whether there is any data sheet available with facts about the top identity providers used today.

I have used Oracle's Identity Federation and IBM Tivoli. I have also got good reviews about SiteMinder.

thanks
Nohsib

Nohsib

3 Answers

I'm not aware of any statistics on usage so I can only give you a subjective view of what I've run into. In mid-large corporations ADFS (Active Directory Federation Services) seems to be a good fit since it supports SAML 2.0 (or at least it supports it reasonably well) and many corporations already use AD, so the integration pain is pretty low.

As a side note, as a Service Provider, it shouldn't really matter to you which IDP you're talking to. If an IDP properly implements SAML (and that's admittedly a big if), it should just work. Beyond having some stock suggestions for clients when they ask about IDPs, you probably don't want to know the details. Unless you have a dedicated provisioning department with a fair bit of time on their hands, you really don't want to deal with helping clients set up their IDP.

Aurand
  • Thanks @Aurand. What we are trying to see is whether our SP (service provider), which implements SAML 2.0, can work seamlessly with the IDPs that implement SAML 2.0 (and as you mentioned, there is a big "if" on the proper implementation of the SAML 2.0 spec on the IDP side), and for that we need to know the most accepted and trusted IDPs in the market and validate the authentication process on our side in advance, before releasing to the client, to ensure the authentication goes through as expected without any surprises. So we can "*certify*" our SP's authentication piece against those IDPs. – Nohsib Jun 07 '13 at 19:18
  • From a development perspective, build to the spec with exacting detail and pick any IDP for testing against (it doesn't really matter which one). That will validate that your application works. From a provisioning perspective, there will be surprises. Setting up a new client's IDP to work with your service is almost never smooth. An entity descriptor will be wrong or they will mess up a config. Getting the first authentication will be a pain, but after that it should just work. – Aurand Jun 07 '13 at 19:24
  • Yup, that's already done with OIF - Oracle Identity fed and IBM Tivoli. Now looking to see what the most accepted IDPs in the market are. – Nohsib Jun 07 '13 at 19:33

Refer: SAML-based products and services.

There's a whole raft of products that do this - among the ones I've used are OpenAM, Shibboleth, Ping and simpleSAMLphp.

They all work - it depends on what language your application is written in and how much you are prepared to pay.

Have a look at Gartner's Magic Quadrant reports.

rbrayb

SecureAuth, Ping Identity, Oracle, Shib and ADFS 2.oh my god are pretty much the top SAML IDPs today (source: I install IDPs every day for huge orgs)