Solutions

Seam based applications

As part of the PicketLink project, Marcel Kolsteren, Seam Integration Lead, developed a module that allows developers to easily connect their Seam application to external identity providers. The module supports SAML and OpenID. It also ships with an out-of-the-box integration with SSOCircle: you will find a preconfigured saml-entities.xml file that includes the metadata for the SSOCircle public IDP. Read more on community.jboss.org

The Fedlet

The Fedlet is a preconfigured Java web application that allows you to set up a SAML service provider in the SSOCircle of trust in minutes. Get the SSOCircle Fedlet from our Download Service.

You can add SAML to your Java application by integrating the Fedlet into your authentication process. SAML made easy.

lightbulb.saml2.com – A Service Provider in “pure” PHP

Lightbulb, an OpenSSO extension, is an implementation that uses only PHP code (you need OpenSSL, though). You do not need to install additional PHP extensions on your web server. What does this mean? It means you can drop the script into your PHP directory on any hosting environment that offers PHP. Integrating SAML 2.0 in your PHP application was never easier than today.

Check the demo and you will see how it works. The demo can be used to integrate several PHP-based applications.

Use Case: A Service Provider with its own local user database. You can create your own local account with a password, and you can log in and use the SP “stand alone”. But if you want to use Single Sign On, you have the choice to link that local account to your identity at SSOCircle – a process called federation. These two accounts need not have the same user id. You can link the account “john” at the IDP with “pokerface”.

After successful linkage you will be able to sign in to the service provider, with SSOCircle asserting that you are who you say you are. At that point you no longer need to remember your local user id and password.

You can download the sample from the Download SP and use it at your web site. You will need a PHP 5 capable web server and a MySQL database for storing user information. The Gzip file is only 19 kb in size and has a single configuration file; you only need to change 5 parameters to adapt it to your site.

A simple CGI Script as a Service Provider

Check out the simple C-written CGI script which can be used as a simple Service Provider (SP).
In this use case you do not have a local account at the SP cgi-service-provider.saml2.com. The SP redirects you to the SSOCircle Identity Provider for authentication. After you are redirected back to the Service Provider, the NameID created by the SSOCircle IDP is shown as a User Identifier. Normally the Name Identifier would be used to map the Identity Provider account to a local account.
This is what is meant by account linkage or federation.
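The account linkage described in the two use cases above (the IDP's Name Identifier mapped to a local account such as “pokerface”), as an added example that is not SSOCircle's or Lightbulb's code: a federation table an SP could keep. The table layout, function names, the IDP entity ID and the NameID value are assumptions, and the assertion is assumed to have been validated by the SP's SAML library before these functions are called.

```python
import hashlib, hmac, os, sqlite3

IDP = "https://idp.example.org"  # placeholder entity ID (assumption)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id TEXT PRIMARY KEY, salt BLOB, pwhash BLOB);
        -- One row per link; the key is the pair (issuer, NameID), never NameID alone.
        CREATE TABLE federation (issuer TEXT, name_id TEXT, local_id TEXT,
                                 PRIMARY KEY (issuer, name_id));""")
    return db

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def create_user(db, local_id, password):
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (local_id, salt, _hash(password, salt)))

def check_password(db, local_id, password):
    row = db.execute("SELECT salt, pwhash FROM users WHERE id = ?", (local_id,)).fetchone()
    return row is not None and hmac.compare_digest(row[1], _hash(password, row[0]))

def link(db, issuer, name_id, local_id, password):
    """Federation: bind a validated assertion's NameID to a local account."""
    # The user must prove ownership of the local account before it is linked.
    if not check_password(db, local_id, password):
        return False
    try:
        db.execute("INSERT INTO federation VALUES (?, ?, ?)", (issuer, name_id, local_id))
    except sqlite3.IntegrityError:  # this (issuer, NameID) is already linked
        return False
    return True

def resolve(db, issuer, name_id):
    """SSO sign-in: return the linked local account, or None if there is no link."""
    row = db.execute("SELECT local_id FROM federation WHERE issuer = ? AND name_id = ?",
                     (issuer, name_id)).fetchone()
    return row[0] if row else None

def demo():
    db = open_db()
    create_user(db, "pokerface", "constructed-password")
    nid = "constructed-opaque-nameid"  # constructed sample NameID
    return [resolve(db, IDP, nid),                                  # not linked yet
            link(db, IDP, nid, "pokerface", "wrong-password"),      # refused
            link(db, IDP, nid, "pokerface", "constructed-password"),
            resolve(db, IDP, nid),                                  # now maps to local account
            resolve(db, "https://other-idp.example.org", nid)]      # other issuer: no link
```

Keying the table on the issuer as well as the NameID keeps an identifier asserted by a different identity provider from resolving to the same local account.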

See the Service Provider in action: cgi-service-provider.saml2.com

Download a SAML 2.0 Sample Service Provider and start your first federated service

Follow the few steps listed below to start your first federated service provider. The only prerequisite is a web server (Apache, Sun …) that is configured to run CGI scripts. The sample is written in C and has all required libraries and files included.

  • Register your account with SSOCircle
  • Get the tar file at the Download Service Provider
  • Unpack the file into the cgi-bin directory of your web server: tar xvzf <filename>
  • Edit the zxid.conf file in your cgi-bin directory and set the parameter: URL=http://<your_machine_name:port>/cgi-bin/mysp
  • Get your Service Provider Metadata at the URL http://<your_machine_name:port>/cgi-bin/mysp?o=B
  • Import the Metadata to the SSOCircle of trust
  • Open the URL: http://<your_machine_name:port>/cgi-bin/mysp
  • For the impatient: If you don’t want to follow the import steps listed above, you might consider adding an entry for myserviceprovider.saml2.com to your hosts file that points at your web server machine.