This repository contains SAML v2.0 bindings in Java using JAXB.
You'd use this library to process SAML requests and responses. See the tests for example code.
If you find a vulnerability or other security-related bug, please report the vulnerability here before opening a GitHub issue. This will allow us to assess the disclosure and prepare a fix prior to a public disclosure.
We are very interested in compensating anyone who can identify a security-related bug or vulnerability and properly disclose it to us.
- CSNC-2021-004 XML External Entity
  - Thanks to Compass Security for responsibly disclosing this issue.
  - See CVE-2021-27736
  - See CSNC-2021-004
  - Affects versions prior to `0.5.4`, ensure you are using version `0.5.4` or later.
- CNSC-2020-002 Signature Exclusion Attack
  - Thanks to Compass Security for responsibly disclosing this issue.
  - See CVE-2020-12676
  - See CNSC-2020-002
  - Affects versions prior to `0.3.3`, ensure you are using version `0.3.3` or later.
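The two advisory classes above, seen from the caller's side: this added example (not code from this library, and not a description of how the library's bugs were fixed) parses an incoming SAML message with a JDK parser that refuses any DOCTYPE, then treats a missing signature as a rejection rather than a reason to skip verification. The class name `SamlPreChecks`, the method names and the sample messages are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Hypothetical helper class, not part of the library.
public class SamlPreChecks {
  static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

  // Parser that refuses any DOCTYPE, so no entity (internal or external) is ever resolved.
  static DocumentBuilder hardenedBuilder() throws Exception {
    DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
    f.setNamespaceAware(true);
    f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
    f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    f.setXIncludeAware(false);
    f.setExpandEntityReferences(false);
    return f.newDocumentBuilder();
  }

  // Returns "ok: ..." or the reason the message is rejected before any further processing.
  static String preCheck(String xml) {
    Document doc;
    try {
      doc = hardenedBuilder().parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    } catch (Exception e) {
      return "rejected: unparseable or contains DOCTYPE";
    }
    // Absence of a signature must be a failure, never a reason to skip verification.
    if (doc.getElementsByTagNameNS(DSIG_NS, "Signature").getLength() == 0) {
      return "rejected: no ds:Signature element";
    }
    return "ok: signature present, cryptographic verification still required";
  }

  public static void main(String[] args) {
    String ns = "xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"";
    // Constructed sample inputs, not real SAML traffic.
    String withDoctype = "<!DOCTYPE r [<!ENTITY e \"x\">]><samlp:Response " + ns + ">&e;</samlp:Response>";
    String unsigned = "<samlp:Response " + ns + "/>";
    String signed = "<samlp:Response " + ns + "><ds:Signature xmlns:ds=\"" + DSIG_NS + "\"/></samlp:Response>";
    System.out.println(preCheck(withDoctype));
    System.out.println(preCheck(unsigned));
    System.out.println(preCheck(signed));
  }
}
```

Finding a `ds:Signature` element is only a gate: the signature still has to be verified against the identity provider's trusted key and must cover the element whose contents you act on.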
Linux or macOS
```bash
mkdir ~/savant
cd ~/savant
wget http://savant.inversoft.org/org/savantbuild/savant-core/1.0.0/savant-1.0.0.tar.gz
tar xvfz savant-1.0.0.tar.gz
ln -s ./savant-1.0.0 current
export PATH=$PATH:~/savant/current/bin/
```
You may optionally want to add `~/savant/current/bin` to your PATH that is set in your profile so that this change persists. You'll also need to ensure that you have Java >= 8 installed and the environment variable `JAVA_HOME` is set.
For more information on the Savant build tool, check out savantbuild.org.
Build a jar

```bash
sb jar
```

Run the tests

```bash
sb test
```
We welcome contributions. Please open issues or pull requests on the GitHub repo: https://github.com/FusionAuth/fusionauth-samlv2/
Learn more about SAML here: