SAML 2.0 Provider EE

Security Assertion Markup Language 2.0 (SAML 2.0) is a version of the SAML OASIS standard for exchanging authentication and authorization data between security domains. SAML 2.0 is an XML-based protocol that uses security tokens containing assertions to pass information about a principal (usually an end user) between an identity provider and a web service. SAML 2.0 enables web-based authentication and authorization scenarios, including single sign-on (SSO).

This app enables Liferay to act as a SAML 2.0 Identity Provider (IdP) or Service Provider (SP). It is built on top of OpenSAML and uses the Java Keystore to provide the certificates and credentials used for security. Once this app is installed, additional configuration is required to adapt the app to your local SAML environment and configuration.

Refer to the following resources to get started with this app: Liferay's "Identity Management Overview and Best Practices" whitepaper, located at

This app installs as a Liferay service.

  • LPS-31488 SAML Response SubjectConfirmationData is missing InResponseTo
  • LPS-36298 Improve error, warning and debug logging
  • LPS-37787 Resolver tests
  • LPS-37963 vLDAP Integration tests
  • LPS-41751 SAML response causes NullPointerException and prohibits login
  • LPS-42420 Saml SP ignores nameId format defined in UI
  • LPS-42559 filter-mapping url-pattern should be matched against "the request URL from the request object minus the con...
  • LPS-42924 Using classNameLocalService directly instead of PortalUtil.getClassName** in ***LocalServiceImpl.
  • LPS-43258 ClassNotFoundException when translating Hibernate exception in ClpSerializer
  • LPS-43291 SAML: create method to destroy metadata when shutting down
  • LPS-43599 Plugins SDK Environment builder for 6.2 generates as "master" instead of 6.2.x
  • LPS-43927 Remove plugins-security-manager-portlet from 6.2.x+
  • LPS-44619 Some paths are wrong if non default context path or proxy path is set
  • LPS-44844 SAML SP LogoutRequest does not include SessionIndex
  • LPS-45213 SAML: Unable to upload metadata xml file - button is unresponsive
  • LPS-45364 column jSessionId too short issue while liferay as the SP and OKTA as the IDP
  • LPS-45446 Update old CSS classes to use bootstrap CSS classes
  • LPS-45684 SAML SP when IdP provides NameID with NameQualifier and/or SPNameQualifier in Response they should be sent ...