OneLogin has just released a Python version of its increasing popular open-source SAML toolkit, which now brings the number of languages supported to a total of five: C#, Java, PHP, Python and Ruby.

The toolkit is very straightforward to use and can be embedded in your application in matter of hours. In addition to being completely free, the toolkit approach has another significant advantage over licensing a commercial, stand-alone SAML gateway. By embedding the SAML toolkit in your code, it will automatically inherit your own application's high-availability and scalability characteristics and you don't have to worry about dealing with a separate application or server.

OneLogin's SAML toolkits are growing in popularity by the day. Some of the most recent vendors to adopt the toolkit are Blue Mango Learning Systems, ShareFile and Transverse.

SAML is a standards-based single sign-on protocol for web applications. Some of the advantages of SAML are:

• Strengthens security - SAML uses digital signatures to establish trust between application and identity provider, which is more secure than passwords.
• Prevents phishing - SAML eliminates passwords and users don't have a password for an application, they can't be tricked into entering it on a fake login page.
• Simplifies directory integration - Identity providers like OneLogin have strong directory integration capabilities, which the application vendor can leverage indirectly via SAML.
• Drives adoption - When an application is just one click away, it will ultimately drive more usage and hence further anchor the application within the customer's organization.

If you are interested in getting your application SAML-enabled, contact us a bizdev@onelogin.com or check out the SAML toolkits in our support forums.

We have just released SAML toolkits for Ruby on Rails and PHP and we will release more in the coming months. The toolkits are free, open source and you can use them with any identity provider you choose, not just OneLogin.

So why are we doing this? SAML is ideal for web-based single sign-on for a number of reasons. It's a standard, it's very secure and and it is very flexible. Unfortunately, as is often the case, flexibility is a double-edged sword and has prevented SAML from being adopted by smaller players because if its relatively high learning curve.

In the cloud, most of the flexibility of SAML is not really needed. If you look at how Google Apps and Salesforce.com have implemented SAML, it is very straightforward and with a product like OneLogin, you can configure these services for SAML in a matter of minutes. These are two of the most widely deployed cloud applications and we think those implementations are reflective of what most other vendors would want to offer to their customers.

Therefore, we have put together basic SAML toolkits that give you the same functionality as with Google Apps and Salesforce. The toolkits support both identity provider initiated and service provider initiated single sign-on. We have already walked through the toolkits with several vendors. One CRM vendor got it working with their application in less than an hour – while we were watching on the video conference.

If you are interested in SAML-enabling your own cloud application, take a look at the documentation for the Rails toolkit or contact us at vendor@onelogin.com. The code is also available on GitHub at:

    http://github.com/onelogin