Hello, let me introduce myself. I work as one of the technical leads for the Shibboleth/OpenSAML projects. Over the last few days we have had a passionate individual post to our list regarding SAML support in Spring Security and Shibboleth interoperability. Within the Shibboleth project the SP implementation we have available plugs in to the web server (Apache/IIS/Netscape). We do not have a Java-native SP nor the resources, currently, to develop one. I know that Spring Security does have a SAML extension written by Vladimir and that a growing number of applications are using Spring Security.

So, I wanted to at least extend a hand on behalf of myself and Scott Cantor, the other technical lead and one of the main editors of the SAML spec. As I mentioned above we're limited on development resources at the moment but if we can be of help I wanted to offer that. At the very least, testing and clarifying interoperability seems like a good thing (and I think was what the poster on our users list was getting at). In addition, I can review code (I'm pretty familiar with Spring core at least) and both Scott and I are willing to answer technical questions about the protocol, why we did certain things in our SP implementations, etc. I think having a high-quality Spring Security SAML module is a win for everyone so if we can be of help with that, just let us know.

You can find us on the Shibboleth lists, the OASIS saml-dev list, or I'm also on the forums here, though Scott is not currently.

-- Chad La Joie