README.md

---

eidas-opensaml

OpenSAML extensions for the eIDAS Framework.

---

Note: For OpenSAML 5 support, please use the https://github.com/swedenconnect/opensaml-eidas repository. This repo will only support earlier versions of OpenSAML ...

Note: Support for OpenSAML 2.X and 3.X has been discontinued. The last release of eidas-opensaml supporting OpenSAML 2.X is 1.0.6 and the last release supporting OpenSAML 3.X is 1.4.5.

---

eIDAS (EU REGULATION 910/2014 on electronic identification and trust services for electronic transactions in the European internal market) defines requirements on cross-border recognition of electronic identification means in EU.

The eIDAS technical specifications defines a number of SAML elements and attribute definitions which are normally not supported by standard SAML software. The eidas-opensaml Open Source Java library extends the OpenSAML framework with support for the definitions from the eIDAS technical specifications.

The following eIDAS specifications are implemented:

• eIDAS - Interoperability Architechture v1.2

• eIDAS - Cryptographic requirements for the Interoperability Framework v1.2

• eIDAS SAML Message Format v1.2

• eIDAS SAML Attribute Profile v1.2

See https://ec.europa.eu/cefdigital/wiki/display/CEFDIGITAL/eIDAS+eID+Profile for the eIDAS eID Profile.

How to use the use the eidas-opensaml library

The eidas-opensaml artifacts are published to Maven central and a dependency to the library should be included as follows in the application POM-file:

<dependency>
  <groupId>se.litsec.eidas</groupId>
  <artifactId>eidas-opensaml4</artifactId>
  <version>${eidas-opensaml.version}</version>
</dependency>

Documentation

• API documentation - https://litsec.github.io/eidas-opensaml/javadoc/opensaml4/2.1.1.

Examples

Creating an eIDAS AuthnRequest message

The eIDAS SAML Message Format v1.2 specification describes how a SAML AuthnRequest message should be put together to comply to the eIDAS specifications.

CreateAuthnRequestExample.java illustrates how you could create an authentication request message using the eidas-opensaml library.

Parsing an Assertion

An assertion issued from an eIDAS service will contain the attributes defined in eIDAS SAML Attribute Profile.

ParseAssertionExample.java shows how to parse an Assertion and get hold of all attribute values.

Contact and support

Contact Litsec Labs if you have any questions or suggestions ...

Resources

eIDAS Specifications

• eIDAS - Interoperability Architechture v1.2

• eIDAS - Cryptographic requirements for the Interoperability Framework v1.2

• eIDAS SAML Message Format v1.2

• eIDAS SAML Attribute Profile v1.2

Swedish eID Framework

• Technical specifications for the Swedish eID Framework
• Sweden Connect - The portal for the Sweden Connect federation.
• Sweden Connect - Sandbox - The portal for the Swedish eID and eIDAS test infrastructure.

OpenSAML and Shibboleth

• Shibboleth Identity Provider v4 - built using OpenSAML 4.x

---

Copyright © 2016-2023, Litsec AB. Licensed under version 2.0 of the Apache License.