{"id":23122665,"url":"https://github.com/folio-org/mod-login-saml","last_synced_at":"2025-08-17T02:30:58.416Z","repository":{"id":22389410,"uuid":"96112355","full_name":"folio-org/mod-login-saml","owner":"folio-org","description":"FOLIO SAML login module","archived":false,"fork":false,"pushed_at":"2025-07-31T16:36:44.000Z","size":981,"stargazers_count":2,"open_issues_count":1,"forks_count":10,"subscribers_count":15,"default_branch":"master","last_synced_at":"2025-07-31T19:52:53.816Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/folio-org.png","metadata":{"files":{"readme":"README.md","changelog":"NEWS.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2017-07-03T13:12:27.000Z","updated_at":"2025-07-31T16:35:45.000Z","dependencies_parsed_at":"2023-10-13T13:35:20.216Z","dependency_job_id":"af58a45b-74e9-4993-9872-ce4dec8ea9fe","html_url":"https://github.com/folio-org/mod-login-saml","commit_stats":null,"previous_names":[],"tags_count":47,"template":false,"template_full_name":null,"purl":"pkg:github/folio-org/mod-login-saml","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-login-saml","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-login-saml/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-login-saml/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-login-saml/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/folio-org","download_url":"https://codeload.github.com/folio-org/mod-login-saml/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/folio-org%2Fmod-login-saml/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":270798875,"owners_count":24648042,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-17T02:00:09.016Z","response_time":129,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-12-17T07:29:24.971Z","updated_at":"2025-08-17T02:30:58.402Z","avatar_url":"https://github.com/folio-org.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"# mod-login-saml\n\nCopyright (C) 2017-2025 The Open Library Foundation\n\nThis software is distributed under the terms of the Apache License,\nVersion 2.0. See the file \"[LICENSE](LICENSE)\" for more information.\n\n## Introduction\n\nThis module provides SAML2 SSO functionality for FOLIO.\n\n### Usage\n\n1. On Stripes UI find Settings-\\\u003eTenant-\\\u003eSSO settings, paste the IdP\n   metadata.xml URL.\n  - mod-login-saml stores this configuration in the database for each tenant.\n2. Call GET /saml/regenerate to generate the keyfile with random passwords,\n   which mod-login-saml stores for the tenant too.\n  - Don't forget to send `X-Okapi-Tenant` header\n  - UI button will replace this manual step\n  - Response is `sp-metadata.xml` that needs to be uploaded to IdP's\n   configuration.\n3. Make sure there is a user stored with `externalSystemId` matches `UserID`\n   SAML attribute.\n  - These default properties can be overridden by `user.property` and\n   `saml.attribute` configuration parameters.\n  - SAML binding type can be overridden by `saml.binding` configuration\n   property, allowed values are `POST` and `REDIRECT`\n  - There will be UI for these too.\n4. Go back to Stripes login page (log out obviously), 'SSO Login' button show\n  up. Clicking on it will forward to IdP's login page.\n\nEndpoints are documented in [RAML file](ramls/saml-login.raml)\n\n### Maximum authentication lifetime\n\nThe IdP's maximum authentication lifetime must be configured to be smaller or\nequal to mod-login-saml's maximum authentication lifetime. Otherwise the login\nattempt will fail with a \"500 server error\" if it falls into the gap between the two\nvalues, see [MODLOGSAML-208](https://folio-org.atlassian.net/browse/MODLOGSAML-208).\n\nThe maximum authentication lifetime of mod-login-saml is\n\n* 8 hours in mod-login-saml \u003e= 2.10.1 and mod-login-saml \u003e= 2.9.4,\n* 5 hours in mod-login-saml 2.10.0 and mod-login-saml \u003c= 2.9.3.\n\n### Environment variables\n\n`DB_*`: Configures the connections to the PostgreSQL database. For examples see the bottom of the [module descriptor](descriptors/ModuleDescriptor-template.json), for details see https://github.com/folio-org/raml-module-builder?tab=readme-ov-file#environment-variables .\n\n`TRUST_ALL_CERTIFICATES`: if value is `true` then HTTPS certificates not checked. This is a security issue in production environment, use it for testing only! Default value is `false`.\n\n`LOGIN_COOKIE_SAMESITE`: Configures the SameSite attribute of the login token cookies. Defaults to `Lax` if not set. If served from the same host name `Lax` allows deep links from other sites, for example from a wiki or webmail to an inventory instance record, whereas `Strict` doesn't allow them.\n\n### Sample users for samltest.id\n\nmod-users ships with three sample users that allow SSO login using\nhttps://samltest.id/ IdP, for configuration see [Guide](GUIDE.md).\n\nUsernames and passwords are\n\n```\nrick    psych\nmorty   panic\nsheldon bazinga\n```\n\n## Additional information\n\n### Other documentation\n\nRefer to the user documentation [Guide](GUIDE.md).\n\nFor upgrading see [NEWS](NEWS.md) or\n[Releases](https://github.com/folio-org/mod-login-saml/releases).\n\nThis module is based on the [PAC4J](https://www.pac4j.org/) library\nand supports SAML Single Sign On (SSO) including federations like\n[eduGAIN](https://edugain.org/).\n\nMore mechanisms supported by PAC4J can be added to this module if needed:\n\nAuthentication mechanisms: OAuth (Facebook, Twitter, Google...) - CAS -\nOpenID Connect (OIDC) (e.g. with Apple, Azure Ad v2, Google, Keycloak) - HTTP - Google App Engine - LDAP - SQL - JWT - MongoDB -\nCouchDB - IP address - Kerberos (SPNEGO) - REST API.\n\nAuthorization mechanisms: Roles/permissions.\n\nOther [modules](https://dev.folio.org/source-code/#server-side) are described,\nwith further FOLIO Developer documentation at\n[dev.folio.org](https://dev.folio.org/)\n\n### Issue tracker\n\nSee project [MODLOGSAML](https://issues.folio.org/browse/MODLOGSAML)\nat the [FOLIO issue tracker](https://dev.folio.org/guidelines/issue-tracker/).\n\n### Quick start\n\nCompile with `mvn clean install`\n\nRun the local stand-alone instance:\n\n```\njava -jar target/mod-login-saml-fat.jar -Dhttp.port=8081\n```\n\n### ModuleDescriptor\n\nSee the [ModuleDescriptor](descriptors/ModuleDescriptor-template.json)\nfor the interfaces that this module requires and provides, the permissions,\nand the additional module metadata.\n\n### API documentation\n\nThis module's\n[API documentation](https://dev.folio.org/reference/api/#mod-login-saml).\n\nThe local API docs are available, for example:\n```\nhttp://localhost:8081/apidocs/?raml=raml/saml-login.raml\nhttp://localhost:8081/apidocs/?raml=raml/admin.raml\netc.\n```\n\n### Code of Conduct\n\nRefer to the Wiki\n[FOLIO Code of Conduct](https://wiki.folio.org/display/COMMUNITY/FOLIO+Code+of+Conduct).\n\n### Code analysis\n\n[SonarQube analysis](https://sonarcloud.io/dashboard?id=org.folio%3Amod-login-saml).\n\n### Download and configuration\n\nThe built artifacts for this module are available.\nSee [configuration](https://dev.folio.org/download/artifacts)\nfor repository access,\nand the [Docker image](https://hub.docker.com/r/folioorg/mod-login-saml/).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffolio-org%2Fmod-login-saml","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffolio-org%2Fmod-login-saml","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffolio-org%2Fmod-login-saml/lists"}