Der findes en nyere version af resourcen her

oiosaml.java 2.2.0

OIOSAML for Java release 2.2.0 has been made available. This release contains the following changes

  • Support for OIOSAML 3.0 profile
  • Support for OIO-BPP 1.2 profile

Code repository

The SVN repository on Softwarebørsen has been closed, and the code has been moved to Github. The code can now be located here


Maven repository

The binary artifacts are distributed as Maven dependencies, and can be located here


Note about OIOSAML 3.0 profile

The OIOSAML.java 2.2.0 release is compatible with both the old OIOSAML 2.0.9 profile, and the new OIOSAML 3.0 profile, and can be configured to in either a hybrid-mode, or a specific profile-mode. Please consult the documentation found here


Note about required Java version

This release of OIOSAML.java requires Java 8 or higher to use.


Hybrid mode

Jakob Kruse

I have searched the documentation, but failed to find details about configuring in hybrid-mode. Can you provide a direct link to that part of the documentation?

Hi Jakob.


Not sure how to get github to display HTML as actual HTML, but if you just ignore the HTML tags and look at this document




Note the following


It is possible to configure a requirement for one or both of these attributes, but note that the issued assertion only has to pass one of the requirements if both are configured (e.g. if both NSIS level "High" and AssuranceLevel "4" are required, and the IdP issues a token with AssuranceLevel "4", then it passes validation).

So if you are running in a hybrid-mode, where you accept both types of claims, you can just configure it to accept both type of values.

ændret af Brian Graversen (23.04.2020)

Hi Brian,

Thank you for your response. I understand the ability to accept both types of values. What I don't understand is how to configure for hybrid-mode. Is that just setting both "oiosaml-sp.assurancelevel" and "oiosaml-sp.nsislevel", or is there something else I need to set to enable hybrid-mode?

Hi Jakob,


it is just setting both values, then you are in hybrid-mode



Jakob Kruse

Am I correct in observing that, even though version 2.2.0 is OIOSAML 3.0 compliant, the UserAssertion supplied on login does not contain methods to retrieve the replacement attributes for PID and RID?

Also, in OIOSAML 3.0, the PID and RID attributes are named "https://data.gov.dk/model/core/eid/person/pid" and "https://data.gov.dk/model/core/eid/professional/rid" respectively, but the getPIDNumber and getRIDNumber methods retrieve attributes named "dk:gov:saml:attribute:PidNumberIdentifier" and "dk:gov:saml:attribute:RidNumberIdentifier". Does that mean that those methods do not work with an OIOSAML 3.0 assertion?

Hi Jakob.


All attributes can still be retrieved by using the getAllAttributes() method, but you are right that the convenience methods for retrieving PID and RID are still pointing to the old attributes.


As we need to support both OIOSAML 2.0.9 and 3.0, I'll update the methods to attempt to retrieve both attributes, and return whichever is available. It will prefer 3.0 attributes if both are available.

Expect an updates release later today.

I might have been a bit to fast there - it seems that both of these attributes


are deprecated in the OIOSAML 3.0 profile. I'll still make the change, as it seems these attributes will still be issued for some period of time (I'm guessing here, so don't rely on that bit of information for any kind of planning).

I'll also add convenience methods for the new UUID attributes




Build and test

Mac Wendelboe

Actually building the included IdP requires Java 11.

And the IdP must be built and running in order to execute the unit tests. So it seems like the bootstrap build process is now as complicated as:

1. mvn -Dmaven.test.skip=true package

2. Fire up up the IdP

3. mvn package

Unfortunately I haven't verified all of this process, since I got stuck on missing Java 11.

True, the IdP is a Java 11 application, but you do not need to actually compile the source, nor run the tests, to use OIOSAML. It is available as a maven dependency.


You also do not need to run the tests to compile the application, so if your step 1 is enough, as that will create the package.