Will quantum computing topple SAML?
The Majorana 1. Photo by John Brecher for Microsoft
The UK federation is arguably one of the largest SAML federations in the Research and Education sector, with over 1200 member organisations spanning Higher Education (HE) and Further Education (FE), and with significant representation from the research and commercial sectors. We are a trust broker. A level playing field. We help people securely access services, and enable services to make informed decisions about access and authorization. We have operated in the international community for 20 years. We work for the benefit of our customers by integrating with over 70 other national federations to increase our worldwide reach to 6,000 identity providers and over 3,500 services.
There is a lot of evidence that multi-lateral SAML federations are in good health:
* The UK federation continues to register new SAML services
* Our helpdesk receives excellent customer service feedback for its support to Jisc members and customers
* Data from federations which produce statistics on number of authentications (such as the Dutch federation SURFnet) show an increase year-on-year
* In April 2025 five new national federations joined the eduGAIN (SAML) inter-federation service.
How, then, should we respond to the increasingly insistent claims that “SAML is dead”? These claims are often given with little evidence, and certainly have no timescale attached. However, we know that there is significant development effort happening with other federated identity protocols such as OpenID Connect, OpenID Federation and the Federated Credential Management browser API. More importantly, recent guidance from the UK’s National Cyber Security Centre gives a clear timescale for migrating systems to use quantum-resistant cryptography. They’re not the experts on SAML federation, of course, so they don’t provide a pathway for us to follow, and we have to define our own. Will quantum computing topple SAML?
### **Some evidence for SAML decline**
* Web developers are typically not familiar with federated authentication, nor the design patterns and architecture associated with multi-lateral SAML federations. We already see a slowdown of new registrations to the UK federation, but is that trend going to continue, or would information and advice about the benefits of SAML federations reverse that?
* Scalable mechanisms to release personal data do not exist, and IdP operators are risk-averse to ad hoc solutions. This frustrates the promise of the rich authorization framework that SAML federations can support.
* There are many infrastructure and community proxies which provide functionality that cannot be provided by the national multilateral SAML federations, such as protocol translation services and group membership. The AARC Blueprint architecture shows the maturity of the proxy space and indicates the features that cannot be easily deployed in a pure SAML federation.
* The SAML technical committee was closed in 2023 so new developments to the protocol are very unlikely. Even before the committee was formally closed, the pace of standardisation was slowing, with the last specification dating to 2019, and low uptake of the newer specifications.
* SAML does not easily support use cases like single-page application frameworks or mobile applications, and has no REST APIs for authentication flows.
* New technologies like Verifiable Credentials are being built on top of OIDC not SAML.
* If a vulnerability in the SAML protocol were discovered, there would be no standards-based response. However, we could develop ad hoc or community solutions, which are in any case the basis for any formal standards-based response, so this is more a lack of formality than an existential issue. Note also that recent vulnerabilities have been in SAML implementations or deployments; it is not the protocol which has been critically vulnerable.
* Making or maintaining secure SAML implementations is likely to get harder as people with relevant skill sets (for example, XML, XSLT and XML Digital Signatures) leave the sector and new developers just want to use and work with JSON and JOSE.
None of these factors suggests a specific end date for SAML although taken together they indicate a gradual decline in relevance and low capacity to change. We could take the position that the UK federation has found a niche and should continue to occupy it.
### **NCSC timeline for migration to post-quantum cryptography**
The game-changer is guidance published in March 2025 by the UK’s National Cyber Security Centre, which provides a timeline to migrate safely to post-quantum cryptography (PQC). Should we be concerned about PQC? A recent research paper states that “the security and privacy of XML-based frameworks such as SAML is threatened by the development of increasingly powerful quantum computers. In fact, future attackers with access to scalable quantum computers will be able to break the currently used cryptographic building blocks and thus undermine the security of the SAML SSO to illegally access sensitive private information”.
For our purposes, the NCSC timeline is:
* By 2028, we must define migration goals and build an initial migration plan
* By 2031, we must carry out the earliest, highest-priority PQC migration activities
* By 2035, we must complete migration to PQC of all systems
One of the main goals for us as a national infrastructure provider is to stay on top of the game and to minimize the disruption to our members.
From an infrastructure point of view, the goals for making the UK federation technical infrastructure quantum-resistant lie on a spectrum between:
* Ensuring SAML in use in the UK federation is quantum-resistant, and
* Migrating away from SAML to something that is quantum-resistant.
Since internet identity is an ecosystem, it’s likely that a hybrid solution will emerge, and that the UK federation will have to investigate a number of scenarios to define our goals.
Once we have defined the goals, their delivery and implementation will be a colossal piece of work for the UK federation as an infrastructure provider. To illustrate the scale of what a migration goal should encompass, consider that on 22 April 2025 there were 2192 software deployments registered in the UK federation. Of these, 1442 run Shibboleth, 319 use OpenAthens, 82 run SimpleSAMLphp, and the remaining 349 are a long tail of other software stacks. Ensuring these software deployments migrate and remain interoperable is a considerable behind-the-scenes piece of work, which would need to be scaled out worldwide to the 8,000 other deployments across eduGAIN. It will need significant technical expertise, good communication with stakeholders and adroit management.
#### **How do we ensure SAML in the UK federation is quantum-resistant?**
In August 2024, NIST standardised the first PQC algorithms after several years of scrutiny, but that is not the end of the story. These algorithms have to be incorporated into protocols. The algorithms must also be implemented in hardware and software, and then into the application stacks. This work is happening right now, although as William Gibson’s saying goes: the future is already here, it’s just not evenly distributed. For example, Java is the primary implementation language in the UK federation, and Java 24 now implements the ML-DSA digital signature algorithm, but the long tail of implementations in the UK federation are not all Java code.
Research and Education SAML federations rely on cryptography in these three ways:
* All network traffic happens over HTTPS, so there is TLS protection of endpoints.
* We sign XML metadata with our federation’s key to ensure integrity and authenticity. We verify other federations’ metadata with their keys. These keys are typically 4096-bit RSA keys.
* Federation members sign and encrypt XML messages to other federation members, which verify and decrypt them. Signing uses XML Digital Signature; encryption uses XML Encryption, in which an RSA key-transport operation wraps a symmetric key that protects the assertion itself. These keys are typically 2048-bit RSA keys. The two uses differ in urgency: a signature only needs to resist attack at the moment it is verified, whereas an encrypted assertion captured today can be decrypted once a capable quantum computer exists, so encryption keys are the more pressing target.
Preparation for migration to PQC in TLS has been underway for some time; for example, the IETF’s TLS working group is standardising hybrid key exchange in TLS 1.3. Federations do not need to lead the way here, although we must understand good practice and roll it out to our community.
The primary job for federations will be to understand how to protect the integrity and authenticity of XML metadata with quantum-resistant signatures. We also need to work with SAML software implementers to determine whether, and how, XML messages can be signed and encrypted with PQC algorithms. This is going to be a challenge.
The cryptographic algorithm identifiers we use today (the xmldsig and xmlenc algorithm URIs) were standardised in the W3C namespace over 15 years ago. It is unclear to the UK federation team whether the W3C is updating its specifications in light of PQC, so one of the first steps will be to engage with the W3C. And as we’ve seen before, standardisation of algorithms is just one step on the migration path. There are a lot of pieces of the puzzle to fit together.
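The first of the NCSC steps, defining migration goals, needs an inventory of what is actually deployed: which W3C algorithm URIs appear in metadata signatures and encryption methods, and what key sizes sit behind the certificates. The script below is an added example written for this post; it is not UK federation, Shibboleth or OpenAthens code. It uses only the Python standard library: ElementTree for the metadata and a minimal DER walker that finds the RSA SubjectPublicKeyInfo inside a `ds:X509Certificate` and reports the modulus size. The sample metadata, its entityID and the "certificates" inside it are constructed here (they are bare SubjectPublicKeyInfo structures wrapped in outer SEQUENCEs, sized like real keys, not real X.509), and the classification table covers only the RSA, ECDSA, AES and SHA identifiers the xmldsig and xmlenc specifications define; because no W3C URI exists yet for ML-DSA or ML-KEM, a PQC identifier would be reported as unknown, and an EC certificate reports no size.

```python
"""Inventory the cryptography declared in SAML metadata (added example, stdlib only)."""
import base64
from collections import Counter
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption


def classify(uri: str) -> str:
    """Map a W3C xmldsig/xmlenc algorithm URI to its post-quantum status."""
    frag = uri.rsplit("#", 1)[-1]
    if "sha1" in frag:
        return "deprecated today (SHA-1): replace regardless of PQC"
    if frag.startswith(("rsa-", "ecdsa-", "dsa-")):
        return "public-key, broken by Shor: needs a PQC replacement"
    if frag.startswith("aes128"):
        return "symmetric, Grover halves effective strength: prefer AES-256"
    if frag.startswith(("aes256", "sha", "hmac-")):
        return "symmetric or hash, adequate at this size"
    return "unknown URI (no W3C PQC identifiers exist yet): check manually"


def _tlv(buf: bytes, pos: int):
    """Read one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(body: bytes):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        out.append((tag, val))
    return out


def rsa_modulus_bits(der: bytes):
    """Return the RSA modulus size of the SubjectPublicKeyInfo found anywhere in a
    DER certificate, or None if the key is not RSA or the DER is malformed."""
    def walk(tag, val):
        if not tag & 0x20:                         # only constructed types have children
            return None
        kids = _children(val)
        # SPKI shape: SEQUENCE { SEQUENCE { OID rsaEncryption, NULL }, BIT STRING }
        if (len(kids) == 2 and kids[0][0] == 0x30 and kids[1][0] == 0x03
                and _children(kids[0][1])[:1] == [(0x06, RSA_OID)]):
            rsa_key = _children(kids[1][1][1:])[0][1]   # skip BIT STRING pad byte
            modulus = _children(rsa_key)[0][1]          # RSAPublicKey { n, e }
            return int.from_bytes(modulus, "big").bit_length()
        for t, v in kids:
            found = walk(t, v)
            if found:
                return found
        return None
    try:
        return walk(*_tlv(der, 0)[:2])
    except (IndexError, ValueError):
        return None


def inventory(xml_text: str) -> dict:
    """Tally algorithm URIs and per-KeyDescriptor RSA key sizes for a migration plan."""
    root = ET.fromstring(xml_text)
    algs = Counter()
    for tag in (f"{{{DS}}}SignatureMethod", f"{{{DS}}}DigestMethod", f"{{{MD}}}EncryptionMethod"):
        for el in root.iter(tag):
            algs[el.get("Algorithm")] += 1
    keys = []
    for kd in root.iter(f"{{{MD}}}KeyDescriptor"):
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            der = base64.b64decode("".join(cert.text.split()))
            keys.append((kd.get("use", "signing and encryption"), rsa_modulus_bits(der)))
    return {"algorithms": {u: (n, classify(u)) for u, n in algs.items()}, "keys": keys}


# --- constructed sample data (not real keys, certificates or metadata) ---------------
def _der(tag: int, body: bytes) -> bytes:
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def _der_int(v: int) -> bytes:                     # extra byte keeps the sign bit clear
    return _der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big"))


def fake_certificate(bits: int) -> bytes:
    """Stand-in for a certificate: an RSA SPKI of the requested size nested inside
    two SEQUENCEs, as it sits inside tbsCertificate. The modulus is a sized dummy."""
    rsa_key = _der(0x30, _der_int((1 << (bits - 1)) | 1) + _der_int(65537))
    alg = _der(0x30, _der(0x06, RSA_OID) + _der(0x05, b""))
    spki = _der(0x30, alg + _der(0x03, b"\x00" + rsa_key))
    return _der(0x30, _der(0x30, _der_int(1) + spki))


def sample_metadata() -> str:
    """Trimmed IdP EntityDescriptor (constructed), mirroring the page's 2048/4096 sizes."""
    signing = base64.b64encode(fake_certificate(2048)).decode()
    encryption = base64.b64encode(fake_certificate(4096)).decode()
    return f"""<md:EntityDescriptor xmlns:md="{MD}" xmlns:ds="{DS}" entityID="https://idp.example.ac.uk/idp/shibboleth">
  <ds:Signature><ds:SignedInfo>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI=""><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{signing}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:KeyDescriptor use="encryption"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{encryption}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
      <md:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </md:KeyDescriptor>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


if __name__ == "__main__":
    report = inventory(sample_metadata())
    for uri, (count, verdict) in report["algorithms"].items():
        print(f"{count}x {uri}\n    {verdict}")
    for use, bits in report["keys"]:
        print(f"{use} key: RSA-{bits} (quantum-vulnerable at any size)")
```

Run against a real aggregate, `inventory()` is the loop to point at every EntityDescriptor rather than one; the per-use key list is what lets an operator separate the encryption keys, which need attention first, from signing keys. The `rsa_modulus_bits` walker looks for the exact SubjectPublicKeyInfo shape (an AlgorithmIdentifier carrying the rsaEncryption OID followed by a BIT STRING), so the RSA signature value at the end of a real certificate, which is also a BIT STRING, cannot be mistaken for a key.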
### **Conclusion**
Making SAML quantum-resistant has many interdependent elements, which make hardening SAML a complex and risky endeavour. However, as we’ve seen in a previous Trust and Identity blog post, if we wanted to migrate away from SAML there is no clear technology choice for what to migrate to. Even if there were, we would face similar migration challenges. The practical aspects of migration are formidable whether we choose to migrate away from SAML or to harden it.
Over the next year, the UK federation team will continue to investigate this area and define our migration goals. We will endeavour to communicate our progress to UK federation members, and we anticipate more blog posts over the coming months.
https://trustandidentity.jiscinvolve.org/wp/2025/05/16/will-quantum-computing-topple-saml/