samlify

English

简体中文

English

简体中文

Appearance

samlifySAML 2.0 SSO Library

High-level API for Single Sign-On (SSO) and Single Logout (SLO)

Get Started
View on GitHub
npm
🔐

Complete SAML 2.0

Full implementation of SSO and SLO flows with all major bindings support

Learn more about Bindings

📦

ESModule

Modern ESModule support for better tree-shaking and performance

Installation Guide

🔒

Enhanced Security

XXE and XSW attack protection with built-in XML Schema validation

Security Best Practices

✍️

Multiple Algorithms

Support for RSA, ECDSA, EdDSA signatures and AES-GCM encryption

View Supported Algorithms

🎯

Multiple Bindings

HTTP-Redirect, HTTP-POST, HTTP-POST-SimpleSign, and Artifact binding

Binding Comparison

🧪

Well Tested

Comprehensive test suite with Vitest, tested against Burp SAML Raider

Testing Documentation

🌍

Multi-Language

Full documentation in English and Chinese for global developers

中文文档

🔗

Rich Integrations

Ready-to-use examples for Okta, Azure AD, AWS SSO, Keycloak, and more

Integration Examples

Quick Example

typescript
import { ServiceProvider, IdentityProvider } from 'samlesa'
import { readFileSync } from 'fs'

const sp = ServiceProvider({
  metadata: readFileSync('./sp-metadata.xml'),
  privateKey: readFileSync('./sp-key.pem'),
  signingCert: readFileSync('./sp-cert.cer'),
})

const idp = IdentityProvider({
  metadata: readFileSync('./idp-metadata.xml'),
})

// Create login request
const { context, entityEndpoint } = sp.createLoginRequest(idp, 'redirect')

// Redirect user to IdP
res.redirect(`${entityEndpoint}?SAMLRequest=${encodeURIComponent(context)}`)
typescript
import { IdentityProvider, ServiceProvider } from 'samlesa'
import { readFileSync } from 'fs'

const idp = IdentityProvider({
  metadata: readFileSync('./idp-metadata.xml'),
  privateKey: readFileSync('./idp-key.pem'),
})

// Create login response
const { context } = await idp.createLoginResponse({
  sp,
  requestInfo: { extract },
  binding: 'post',
  user: { NameID: 'user@example.com' },
})

// Send response to SP
res.send(`
  <form method="POST" action="${acsUrl}">
    <input type="hidden" name="SAMLResponse" value="${context}"/>
  </form>
`)

Supported Algorithms

Signature Algorithms

AlgorithmSecurityRecommendation
RSA-SHA256High⭐ Recommended
ECDSA-SHA256High⭐ Recommended
EdDSA-Ed25519Very High⭐ Recommended
RSA-SHA384/512High✅ Supported
RSA-SHA1Low🚫 Deprecated

Encryption Algorithms

AlgorithmModeRecommendation
AES-256-GCMGCM⭐ Recommended
AES-128-GCMGCM✅ Supported
AES-256-CBCCBC✅ Supported
TripleDESCBC🚫 Deprecated

View all supported algorithms →

Installation

bash
npm install samlesa

See installation guide →

Integration Examples

samlify supports integration with major Identity Providers:

ProviderTypeDifficulty
OneLoginEnterprise IdP🟢 Easy
OktaIdentity Platform🟢 Easy
Azure ADMicrosoft Entra ID🟡 Medium
AWS SSOAWS IAM Identity Center🟡 Medium
KeycloakOpen Source IAM🟡 Medium
GitLabDevOps Platform🟢 Easy
VolcengineChina Cloud IdP🟡 Medium

View all integration examples →

Community

Released under the MIT License

Released under the MIT License.

Copyright © 2024 samlify contributors