
Creating SAML identity assertion in Spring web app

Published 2019-07-30 06:28

Question:

We have a Spring web app, and a third-party application which needs to know which user is logged in to the Spring application. Once the user is logged in to the Spring app, he will have the possibility to access the third-party app in a transparent manner. For that purpose, we have to use SAML (the third-party app needs it). So the Spring web app will work as an IDP, in an IDP-initiated way.

I found OpenSAML library, and this : http://blog.keksrolle.de/2010/07/27/how-to-create-a-valid-saml-2-0-assertion-with-opensaml-for-java.html

It shows an example of how to create SAML assertions, but I have some difficulties finding extra documentation about creating a custom IDP...

So are there other tools than OpenSAML that could help us? Or samples?

I also found Shibboleth, but I'm not sure if it can help in this particular case...

Thx

Answer 1:

OpenSAML is the best (and possibly the only) Java library which simplifies low-level handling of SAML messages. You can find examples on how to use it to implement SAML IDP/SP components in the source code of products like Shibboleth or Spring SAML. You can also find some examples in this blog.

Writing a very simplistic IDP covering only your particular use-case directly with OpenSAML is probably the best way to go. Integrating Shibboleth is (imo) the close second best option, but it's far from trivial.
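To make the "simplistic IDP directly with OpenSAML" suggestion concrete, here is an added example (not code from the question, the answer, or the OpenSAML/Shibboleth projects) that builds and signs a single bearer assertion for the currently logged-in user. It assumes OpenSAML 3.x (Joda-Time `DateTime` setters, `Audience.setAudienceURI`, `AuthnContextClassRef.setAuthnContextClassRef`), and the entity IDs, ACS URL and user name are placeholders to replace with your own. The in-memory RSA key pair is for demonstration only; a real IdP signs with a persistent key whose certificate is published in its metadata so the third-party SP can verify the signature.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.UUID;

import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.opensaml.core.config.InitializationService;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.Marshaller;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.*;
import org.opensaml.saml.saml2.core.impl.*;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.impl.SignatureBuilder;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.opensaml.xmlsec.signature.support.Signer;
import net.shibboleth.utilities.java.support.xml.SerializeSupport;

public class SimpleIdpAssertionDemo {

    // Placeholders (hypothetical): replace with the real IdP/SP entity IDs and the SP's ACS URL.
    static final String IDP_ENTITY_ID = "https://idp.example.org/metadata";
    static final String SP_ENTITY_ID  = "https://thirdparty.example.com/sp";
    static final String SP_ACS_URL    = "https://thirdparty.example.com/saml/acs";

    /** Build a signed SAML 2.0 bearer assertion for the user logged in to the Spring app. */
    static Assertion buildSignedAssertion(String loggedInUser, Credential signingCredential) throws Exception {
        DateTime now = DateTime.now(DateTimeZone.UTC);

        Assertion assertion = new AssertionBuilder().buildObject();
        assertion.setID("_" + UUID.randomUUID());       // xsd:ID may not start with a digit; unique per assertion for replay checks
        assertion.setVersion(SAMLVersion.VERSION_20);
        assertion.setIssueInstant(now);

        Issuer issuer = new IssuerBuilder().buildObject();
        issuer.setValue(IDP_ENTITY_ID);
        assertion.setIssuer(issuer);

        // Subject: the user's identity plus a bearer confirmation bound to the SP's ACS endpoint.
        NameID nameId = new NameIDBuilder().buildObject();
        nameId.setFormat(NameIDType.UNSPECIFIED);
        nameId.setValue(loggedInUser);
        SubjectConfirmationData scd = new SubjectConfirmationDataBuilder().buildObject();
        scd.setRecipient(SP_ACS_URL);
        scd.setNotOnOrAfter(now.plusMinutes(5));        // short window limits replay of a captured assertion
        SubjectConfirmation sc = new SubjectConfirmationBuilder().buildObject();
        sc.setMethod(SubjectConfirmation.METHOD_BEARER);
        sc.setSubjectConfirmationData(scd);
        Subject subject = new SubjectBuilder().buildObject();
        subject.setNameID(nameId);
        subject.getSubjectConfirmations().add(sc);
        assertion.setSubject(subject);

        // Conditions: validity window and audience restriction so only this SP may accept the assertion.
        Audience audience = new AudienceBuilder().buildObject();
        audience.setAudienceURI(SP_ENTITY_ID);
        AudienceRestriction ar = new AudienceRestrictionBuilder().buildObject();
        ar.getAudiences().add(audience);
        Conditions conditions = new ConditionsBuilder().buildObject();
        conditions.setNotBefore(now.minusSeconds(30));  // small allowance for clock skew between IdP and SP
        conditions.setNotOnOrAfter(now.plusMinutes(5));
        conditions.getAudienceRestrictions().add(ar);
        assertion.setConditions(conditions);

        // AuthnStatement: when and how the user authenticated at the Spring app.
        AuthnContextClassRef classRef = new AuthnContextClassRefBuilder().buildObject();
        classRef.setAuthnContextClassRef(AuthnContext.PASSWORD_AUTHN_CTX);
        AuthnContext authnContext = new AuthnContextBuilder().buildObject();
        authnContext.setAuthnContextClassRef(classRef);
        AuthnStatement authnStatement = new AuthnStatementBuilder().buildObject();
        authnStatement.setAuthnInstant(now);
        authnStatement.setSessionIndex(assertion.getID());
        authnStatement.setAuthnContext(authnContext);
        assertion.getAuthnStatements().add(authnStatement);

        // Enveloped XML signature over the assertion with the IdP's private key (RSA-SHA256, exclusive C14N).
        Signature signature = new SignatureBuilder().buildObject();
        signature.setSigningCredential(signingCredential);
        signature.setSignatureAlgorithm(SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA256);
        signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.setSignature(signature);

        // Marshal to DOM first: the signature value is computed over the marshalled XML.
        Marshaller marshaller = XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion);
        marshaller.marshall(assertion);
        Signer.signObject(signature);
        return assertion;
    }

    public static void main(String[] args) throws Exception {
        InitializationService.initialize();             // registers OpenSAML builders, marshallers and providers

        // Demo-only key pair; a production IdP loads its signing key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        Credential cred = new BasicCredential(kp.getPublic(), kp.getPrivate());

        Assertion assertion = buildSignedAssertion("alice@example.org", cred); // constructed sample user
        System.out.println(SerializeSupport.prettyPrintXML(assertion.getDOM()));
    }
}
```

For the IdP-initiated flow the signed assertion is placed inside a `samlp:Response` (Success status, `Destination` set to the SP's ACS URL) and delivered to the SP via the HTTP-POST binding from the user's browser. On the receiving side the third-party SP should reject anything whose signature does not verify against the IdP's published certificate, whose `Audience` or `Recipient` is not its own, whose `NotBefore`/`NotOnOrAfter` window has passed, or whose assertion `ID` has already been seen; the short windows and unique IDs above exist to make those checks effective.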