You can try the OpenSAML project; it provides a Java library for creating and validating SAML tokens.

你可以试试OpenSAML 项目；它提供了一个用于创建和验证 SAML 令牌的 Java 库。

http://www.softwareborsen.dk/projekter/softwarecenter/brugerstyring/oio-saml-java

http://www.softwareborsen.dk/projekter/softwarecenter/brugerstyring/oio-saml-java

Everything you need was at the OpenSSO site, with OpenAMas it's successor.

您需要的一切都在OpenSSO 站点，OpenAM作为它的继任者。

Having recently implemented SAML authentication for an application I found the most useful information in the OASIS SAML2 technical overview document. It's very readable and contains real examples of the XML messages that are passed.

最近为应用程序实施了 SAML 身份验证后，我在 OASIS SAML2 技术概述文档中找到了最有用的信息。它非常易读并且包含传递的 XML 消息的真实示例。

Section 5.1 describes the interaction of having YOUR application (service provider or SP) request authentication to a remote identity provider (Idp).

第 5.1 节描述了让您的应用程序（服务提供商或 SP）向远程身份提供商 (Idp) 请求身份验证的交互。

http://wiki.oasis-open.org/security/Saml2TechOverview

http://wiki.oasis-open.org/security/Saml2TechOverview

You could take a look at 2 products:

你可以看看2个产品：

• JOSSO: http://www.josso.org
• OpenAM, which is a fork of Sun's OpenSSO since Oracle decided to kill it: http://forgerock.com/openam.html

• 乔索：http: //www.josso.org
• OpenAM，它是 Sun 的 OpenSSO 的一个分支，因为 Oracle 决定终止它：http: //forgerock.com/openam.html

Both have a rather impressive features list and offer a wide list of SSO agents.

两者都有相当令人印象深刻的功能列表，并提供广泛的 SSO 代理列表。

The main benefit of the agent approach is that you don't have to care in your application about the authentication process as it is handled by the agent and the SSO infrastructure.

代理方法的主要好处是您不必在应用程序中关心身份验证过程，因为它由代理和 SSO 基础结构处理。

If you're going to develop your own SAML2 Service Provider, using OpenSAML is the way to go. The downside is that this library is not that well documented. Nevertheless you should find easily some tutorials on OpenSAML on the web.
You could implement it for example as a servlet filter, so that your application code is not tied to SAML.

如果您要开发自己的 SAML2 服务提供程序，则使用 OpenSAML 是最佳选择。缺点是这个库没有很好的文档记录。尽管如此，您应该很容易在网上找到一些关于 OpenSAML 的教程。
例如，您可以将它实现为一个 servlet 过滤器，这样您的应用程序代码就不会绑定到 SAML。

Providing more up to date answer since this hasn't been visited in a while:

由于有一段时间没有访问过，因此提供更多最新答案：

If you're doing a spring project already I've had success with Spring Security SAML. You do not have to be securing your app with Spring Security to use the SAML extension, though it make it a bit easier.

如果你已经在做一个 spring 项目，我已经在 Spring Security SAML 上取得了成功。您不必使用 Spring Security 来保护您的应用程序以使用 SAML 扩展，尽管它使它更容易一些。

http://projects.spring.io/spring-security-saml/

http://projects.spring.io/spring-security-saml/