We have just released SAML toolkits for Ruby on Rails and PHP and we will release more in the coming months. The toolkits are free, open source and you can use them with any identity provider you choose, not just OneLogin.
So why are we doing this? SAML is ideal for web-based single sign-on for a number of reasons. It’s a standard, it’s very secure and and it is very flexible. Unfortunately, as is often the case, flexibility is a double-edged sword and has prevented SAML from being adopted by smaller players because if its relatively high learning curve.
In the cloud, most of the flexibility of SAML is not really needed. If you look at how Google Apps and Salesforce.com have implemented SAML, it is very straightforward and with a product like OneLogin, you can configure these services for SAML in a matter of minutes. These are two of the most widely deployed cloud applications and we think those implementations are reflective of what most other vendors would want to offer to their customers.
Therefore, we have put together basic SAML toolkits that give you the same functionality as with Google Apps and Salesforce. The toolkits support both identity provider initiated and service provider initiated single sign-on. We have already walked through the toolkits with several vendors. One CRM vendor got it working with their application in less than an hour – while we were watching on the video conference.
If you are interested in SAML-enabling your own cloud application, take a look at the documentation for the Rails toolkit or contact us at email@example.com. The code is also available on GitHub at: