Has anyone implemented SAML authentication in CF? ...
# cfml-general
d
Has anyone implemented SAML authentication in CF? Any guides/pointers/examples?
d
I've had good luck using OneLogin's SAML Java Toolkit with ACF & Lucee: https://github.com/SAML-Toolkits/java-saml
That's assuming you're only looking for the SP (Service Provider) portion of the SAML workflow.
d
Thanks Dan, I'll pass that along. I'm not really working on this, at this point at least, but I was asked to ask here about folks' experience with it.
d
I looked into other solutions (like Shibboleth), but since I only needed to implement the "Service Provider" side of things, I found the OneLogin Java library very easy to work with. We've been using it in production for a few years w/out any issues. The only obstacle I had was: https://github.com/SAML-Toolkits/java-saml/issues/198
d
@dswitzer Nice work on that fork. It's unfortunate that the maintainers don't seem inclined to pick it up, or to explain why not. I'm not sure if the circumstances that require it will turn out to apply to us or not, we'll see. I'm a bit reluctant to have us use an individual dev's fork of security-related code, guess we'll wait to see if this issue bites us, as we get further down the SAML path.
d
@Dave Merrill The problem might not affect you at all (which is hopefully the case).
g
You can always use the original open-source project - and reimplement @dswitzer’s changes - into your own code's repo - effectively making you (your company) the owner of the code, all with the appropriate (I stole this from XXX comments - of course)
b
Yes. Run the other way! I've implemented it, but it was a pain in the butt and documentation is seriously lacking. This is using Azure.
d
Would it make sense in a ColdBox app to implement a cbauth customisation that could use the java-saml library for SSO, or am I thinking about cbsecurity incorrectly here?
h
So did Adobe not provide any best practices or examples on how to implement their SAML package?