# Install opensaml with Homebrew, apt, MacPorts, zypper

Library for Security Assertion Markup Language. Version 3.3.1 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:opensaml
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install opensaml
```

  Evidence: local Homebrew formula metadata

- MacPorts (94%):

```sh
sudo port install opensaml
```

  Evidence: MacPorts ports tree: lang/opensaml/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1

### Linux

- Debian apt (92%):

```sh
sudo apt install libsaml-dev
```

  Evidence: Debian stable package indexes: libsaml-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- zypper (92%):

```sh
sudo zypper install libsaml-devel
```

  Evidence: openSUSE Tumbleweed package metadata: libsaml-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:opensaml
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/opensaml>
- **Version:** 3.3.1
- **Source summary:** Library for Security Assertion Markup Language
- **Homepage:** <https://wiki.shibboleth.net/confluence/display/OpenSAML/Home>
- **Repository:** <https://codeberg.org/Shibboleth/cpp-opensaml>
- **Upstream docs:** <https://shibboleth.atlassian.net/wiki/spaces/OSAML/overview>
- **License:** Apache-2.0
- **Source archive:** <https://shibboleth.net/downloads/c++-opensaml/3.3.1/opensaml-3.3.1.tar.bz2>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- samlsign (cli)
- samlsign (alias)

## Dependencies

- log4shib
- openssl@3
- xerces-c
- xml-security-c
- xml-tooling-c

## Build dependencies

- pkgconf

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, sonoma, ventura, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 3.3.1
- Local data: ok
- Upstream repository: https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- info: No package-manager update timestamp was available.
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

OpenSAML is a Shibboleth-family implementation library for the OASIS Security Assertion Markup Language. The Homebrew opensaml formula packages the native C++ line, including the samlsign command-line tool, for software that needs SAML message construction, parsing, signing, and validation primitives.

### Project history

OpenSAML grew around the Shibboleth identity-federation project, where SAML is the core protocol vocabulary for browser single sign-on and attribute exchange. The OpenSAML 2 documentation describes the project as open-source C++ and Java libraries for developers working with SAML 1.0, 1.1, and 2.0.

The project deliberately distinguishes the library from a complete identity provider or service provider. The documentation warns that OpenSAML does not provide a full SAML IdP/SP and is meant for developers who already understand the SAML specifications.

For the C++ 3.x line, Shibboleth documents OpenSAML-C as a separate project but supported only as a dependency of the Shibboleth Service Provider. The build documentation places it in the native Shibboleth stack with dependencies such as log4shib, OpenSSL, libcurl, Xerces-C, XML-Security-C, and XMLTooling-C.

### Adoption history

OpenSAML's adoption is strongest inside identity middleware rather than end-user CLI workflows. The historical OpenSAML page lists Shibboleth, Globus Toolkit components, grid identity projects, Apache WSS4J, Apache Rampart, eduGAIN, OpenLiberty Wakame, SuisseID SDK/Java, and other projects as users or integrators.

Distribution packaging follows that dependency role. openSUSE's Apache:Shibboleth package describes opensaml as a C++ implementation supporting SAML 1.0, 1.1, and 2.0, while Homebrew, Debian, Ubuntu, MacPorts, and zypper package it for native Shibboleth and SAML tooling stacks.

### How it is used

Developers use OpenSAML-C as a library inside SAML-capable services rather than as an application framework. It supplies C++ classes and XML/security integration for SAML assertions, protocol messages, bindings, signatures, and related metadata operations.

Operators encounter the package as part of Shibboleth Service Provider builds and security maintenance. The C++ product version policy explains that native Shibboleth and OpenSAML components use MAJOR.MINOR.PATCH versioning and track compatibility across binary linkage, public APIs, configuration, and protocol behavior.

### Why package nerds care

opensaml is a dependency-heavy security library package where ABI compatibility matters. Package maintainers care about coordinated versions of XMLTooling-C, XML-Security-C, Xerces-C, OpenSSL, log4shib, and Shibboleth SP, because C++ API changes can force recompilation and soname changes.

### Timeline

- 2016-07-31: security maintenance ceased for the OpenSAML V2 Java release branch.
- 2018-07-17: security maintenance ceased for the OpenSAML V2 C++ release branch.
- 2021-08-17: Shibboleth's C++ product version policy page documented native/OpenSAML versioning and compatibility rules.
- 2021-11-24: the OpenSAML-C page for Shibboleth SP 3 was updated and documented C++ 3.x support as part of Shibboleth SP.
- 2025-03-13: the Shibboleth download index lists opensaml-3.3.1 source artifacts.

### Related projects

- Related Shibboleth native components include XMLTooling-C, XML-Security-C, log4shib, and the Shibboleth Service Provider. Protocol-adjacent projects include Apache WSS4J, Apache Rampart, Globus Toolkit components, eduGAIN, and other SAML federation software.

### Sources

- <https://build.opensuse.org/package/show/Apache%3AShibboleth/opensaml>
- <https://formulae.brew.sh/formula/opensaml>
- <https://shibboleth.atlassian.net/wiki/spaces/DEV/pages/1123844179>
- <https://shibboleth.atlassian.net/wiki/spaces/OpenSAML?homepageId=1573290007>
- <https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2067398807/OpenSAML-C>
- <https://shibboleth.net/downloads/c++-opensaml/latest/>


## Security Notes

library-like package without higher-risk signals.

- **Geiger risk:** green / low
- library-like package without higher-risk signals

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** opensaml
- **Version Scheme:** 0
- **Revision:** 1
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - libsaml-dev - 3.3.1-2: normalized package name match | Debian stable package indexes: libsaml-dev from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security Assertion Markup Language library (development) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Debian apt - libsaml-doc - 3.3.1-2: normalized package name match | Debian stable package indexes: libsaml-doc from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security Assertion Markup Language library (API docs) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Debian apt - libsaml13 - 3.3.1-2: normalized package name match | Debian stable package indexes: libsaml13 from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security Assertion Markup Language library (runtime) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Debian apt - opensaml-schemas - 3.3.1-2: normalized package name match | Debian stable package indexes: opensaml-schemas from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security Assertion Markup Language library (XML schemas) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Debian apt - opensaml-tools - 3.3.1-2: normalized package name match | Debian stable package indexes: opensaml-tools from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Security Assertion Markup Language command-line tools | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Ubuntu apt - libsaml-dev - 3.2.1-4.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: libsaml-dev from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security Assertion Markup Language library (development) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Ubuntu apt - libsaml-doc - 3.2.1-4.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: libsaml-doc from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security Assertion Markup Language library (API docs) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Ubuntu apt - libsaml12t64 - 3.2.1-4.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: libsaml12t64 from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security Assertion Markup Language library (runtime) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Ubuntu apt - opensaml-schemas - 3.2.1-4.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: opensaml-schemas from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security Assertion Markup Language library (XML schemas) | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- Ubuntu apt - opensaml-tools - 3.2.1-4.1build2: normalized package name match | Ubuntu 24.04 LTS package indexes: opensaml-tools from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz | Security Assertion Markup Language command-line tools | https://wiki.shibboleth.net/confluence/display/OpenSAML/Home
- zypper - libsaml-devel - 3.3.1-2.3: normalized package name match | openSUSE Tumbleweed package metadata: libsaml-devel from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | OpenSAML development Headers | https://wiki.shibboleth.net/confluence/display/OpenSAML/
- zypper - libsaml13 - 3.3.1-2.3: normalized package name match | openSUSE Tumbleweed package metadata: libsaml13 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Security Assertion Markup Language library | https://wiki.shibboleth.net/confluence/display/OpenSAML/
- zypper - opensaml-bin - 3.3.1-2.3: normalized package name match | openSUSE Tumbleweed package metadata: opensaml-bin from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Utilities for OpenSAML library | https://wiki.shibboleth.net/confluence/display/OpenSAML/
- zypper - opensaml-schemas - 3.3.1-2.3: normalized package name match | openSUSE Tumbleweed package metadata: opensaml-schemas from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | OpenSAML schemas and catalog | https://wiki.shibboleth.net/confluence/display/OpenSAML/
- MacPorts - opensaml: normalized package name match | MacPorts ports tree: lang/opensaml/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Language runtime packages](https://www.automicvault.com/pkg/language-runtime-packages/) - Matched language runtime, compiler, or interpreter metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [openssl@3](https://www.automicvault.com/pkg/brew/openssl-3/) - Runtime dependency declared by Homebrew.
- [xerces-c](https://www.automicvault.com/pkg/brew/xerces-c/) - Runtime dependency declared by Homebrew.
- [xml-security-c](https://www.automicvault.com/pkg/brew/xml-security-c/) - Runtime dependency declared by Homebrew.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [shibboleth-sp](https://www.automicvault.com/pkg/brew/shibboleth-sp/) - Popular package that depends on this formula.
- [cyrus-sasl](https://www.automicvault.com/pkg/brew/cyrus-sasl/) - Shares av.db curated category or tags: authentication, cli, library, security.
- [dexidp](https://www.automicvault.com/pkg/brew/dexidp/) - Shares av.db curated category or tags: authentication, cli, identity, security.
- [okta-aws-cli](https://www.automicvault.com/pkg/brew/okta-aws-cli/) - Shares av.db curated category or tags: cli, identity, security.
- [spiffe-helper](https://www.automicvault.com/pkg/brew/spiffe-helper/) - Shares av.db curated category or tags: cli, identity, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: authentication, cli, security.
- [botan](https://www.automicvault.com/pkg/brew/botan/) - Shares av.db curated category or tags: cli, library, security.
- [cracklib](https://www.automicvault.com/pkg/brew/cracklib/) - Shares av.db curated category or tags: cli, library, security.
- [oath-toolkit](https://www.automicvault.com/pkg/brew/oath-toolkit/) - Security-sensitive metadata or terminology overlaps. Shared terms: authentication, cli, openssl, openssl-3, security.
- [xmlsectool](https://www.automicvault.com/pkg/brew/xmlsectool/) - Both packages work with overlapping file formats or content types. Shared terms: cli, saml, security, xml.

## Combined YAML source

View the package source record on GitHub. [combined/opensaml.yml](https://github.com/automic-vault/db/blob/main/combined/opensaml.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
