Hey everyone, I'm Ulysse, CTO at SSOReady (https://github.com/ssoready/ssoready).
SSOReady is an open-source (MIT) service that lets you implement SAML single sign-on without ever touching SAML yourself. You just need to implement two API endpoints: one to initiate SAML logins and another to receive incoming SAML messages. And then you're pretty much done.
Here's me setting up SAML single sign-on in under a minute: (https://www.youtube.com/watch?v=_HVtFkW8xCI).
You can use our service with whatever tech stack or programming language you prefer.
Earlier in my career, I worked on SAML authentication at Segment. I've been pretty obsessed with SAML since then. In the depths of the COVID pandemic, I even wrote an implementation of SAML in Go to entertain myself (https://github.com/ucarion/saml).
Over the years, I've gotten really itchy to build better SAML tooling. There just aren't a lot of great options out there. Almost no one seems interested in making SAML easy for developers. Almost no one seems interested in writing clear documentation.
We're hoping to change that with SSOReady. We've open-sourced our codebase on an MIT license. You can do pretty much whatever you want with the code. Fork us. Self-host us.
We've also made the product entirely free.
Why free and open source? We're focused solely on becoming developers' first choice for SAML SSO. If it makes developers' lives easier, it works for us. We expect to monetize in the future by building extra features that serve large companies with complex needs. We don't see any point to being secretive or squeezing dollars out of small companies.
I'd be thrilled if you gave the product a try, and I'd be really grateful for any feedback on your experience.
If you have any questions or concerns, my cofounder Ned and I will stay active on this thread throughout the day. You can also reach us directly at founders@ssoready.com. (We really mean this! We want to hear from you!)
We wrote our own IdP back in the day. It was a cool project, Single Sign On, Single Sign OUT, User provisioning, just all sorts of stuff.
And it worked! It's amazing when it works, it's just like magic. You giggle when it works.
We did all sorts of integrations. To random Service Providers, integrating with other IdPs, etc. Some were really cool. Great functionality.
But I simply float this one caveat.
It was never "painless". Ever. It was always pulling teeth.
The dark truth is you can have the best IdP in the world, but everyone on the other side of the conversation is a black box. You get a lot of payloads simply shipped into the void, never to be seen again, consumed for some unknown reason.
Add to that that very often the people you're integrating with have no concept of SAML, its workflows, its payloads, etc., much less the capabilities of their own stack in regards to SAML. So you get to train them (and learn about their system) at the same time.
We never had real problems with signing and formatting and such that folks worry about. It was mostly just diagnosing black boxes more than anything, the endless black hole of cert management, etc.
So, good luck! I hope it works for you! It's a neat space to play.