Skip to main content

Introduction

litesaml/saml is a PHP library for implementing the SAML 2.0 protocol. It provides high-level wrappers for both Service Provider (SP) and Identity Provider (IdP) roles, handling authentication requests, responses, single logout, metadata, and message security.

Requirements

  • PHP ^8.4
  • A PSR-17 HTTP factory implementation (e.g. nyholm/psr7)

Installation

composer require litesaml/saml

For PSR-7/17 support, install a compatible factory:

composer require nyholm/psr7

How it works

The library is built around two wrapper classes that cover the two SAML roles:

  • ServiceProviderWrapper — for applications acting as Service Providers (SP): sending authentication requests, handling authentication responses, and initiating or receiving single logout.
  • IdentityProviderWrapper — for applications acting as Identity Providers (IdP): handling authentication requests, sending authentication responses with user attributes, and managing single logout.

Both wrappers accept PSR-7 ServerRequestInterface as input and return PSR-7 ResponseInterface, making them framework-agnostic.

Features

  • Getting Started — configure your SP or IdP and make your first request
  • Metadata — generate and parse SAML metadata
  • Authentication — send and receive authentication requests and responses
  • Single Logout — initiate and handle logout flows
  • Security — sign messages, verify signatures, encrypt and decrypt assertions

About the project

litesaml/saml builds on litesaml/lightsaml, originally developed by Milos Tomic and maintained since 2021.

Contributing

Contributions are welcome. Read the guide and open an issue first to discuss your proposal.