Skip to content
Switch branches/tags
Go to file

Latest commit


Git stats


Failed to load latest commit information.
Latest commit message
Commit time


Copyright (C) 2017-2019 The Open Library Foundation

This software is distributed under the terms of the Apache License, Version 2.0. See the file "LICENSE" for more information.


This module provides SAML2 SSO functionality for FOLIO.


  1. On Stripes UI find Settings->Organization->SSO settings, paste the IdP metadata.xml URL.
  • This configuration is stored per tenant in mod-configuration under module=LOGIN-SAML, configName=saml, code=idp.url
  1. Call GET /saml/regenerate to generate keyfile with random passwords and store them in mod-configuration too.
  • Don't forget to send X-Okapi-tenant header
  • UI button will replace this manual step
  • Response is sp-metadata.xml that needs to be uploaded to IdP's configuration.
  1. Make sure there is a user stored with externalSystemId matches UserID SAML attribute.
  • These default properties can be overridden by and saml.attribute configuration parameters.
  • SAML binding type can be overridden by saml.binding configuration property, allowed values are POST and REDIRECT
  • There will be UI for these too.
  1. Go back to Stripes login page (log out obviously), 'SSO Login' button show up. Clicking on it will forward to IdP's login page.

Endpoints are documented in RAML file

Environment variables

TRUST_ALL_CERTIFICATES: if value is true then HTTPS certificates not checked. This is a security issue in production environment, use it for testing only! Default value is false.

Additional information

Other documentation

Refer to the user documentation Guide.

For upgrading see NEWS or Releases.

This module is based on the library, more authentication methods supported by PAC4J can be added to this module if needed.

Other modules are described, with further FOLIO Developer documentation at

Issue tracker

See project MODLOGSAML at the FOLIO issue tracker.

Quick start

Compile with mvn clean install

Run the local stand-alone instance:

java -jar target/mod-login-saml-fat.jar \
  -Dhttp.port=8081 embed_postgres=true


See the built target/ModuleDescriptor.json for the interfaces that this module requires and provides, the permissions, and the additional module metadata.

API documentation

This module's API documentation.

The local API docs are available, for example:


Code analysis

SonarQube analysis.

Download and configuration

The built artifacts for this module are available. See configuration for repository access, and the Docker image.