diff -Naur org//ChangeLog new//ChangeLog
--- org//ChangeLog	2013-04-04 13:29:21.028703623 +0200
+++ new//ChangeLog	2013-04-04 13:30:18.601660237 +0200
@@ -33,6 +33,7 @@
 	new feature: configurable top-to-bottom units order in particular racks
 		(#601)
 	new feature: overridable tag names display style (via CSS and plug-ins)
+	new feature: SAML is now supported, using SimpleSAMLphp API (ticket:811)
 0.20.3 2012-12-19
 	bugfix: DB exception on ports linking (#699)
 0.20.2 2012-12-19
diff -Naur org//wwwroot/inc/auth.php new//wwwroot/inc/auth.php
--- org//wwwroot/inc/auth.php	2013-04-04 11:41:34.620994648 +0200
+++ new//wwwroot/inc/auth.php	2013-04-04 13:58:10.877447038 +0200
@@ -54,6 +54,13 @@
 					throw new RackTablesError ('The web-server didn\'t authenticate the user, although ought to do.', RackTablesError::MISCONFIGURED);
 				$remote_username = $_SERVER['REMOTE_USER'];
 				break;
+			case 'saml':
+				$saml_username = '';
+				$saml_success = authenticated_via_saml ( $saml_username );
+				if (!$saml_success)
+					break; //failure
+				$remote_username = $saml_username;
+				break;
 			default:
 				throw new RackTablesError ('Invalid authentication source!', RackTablesError::MISCONFIGURED);
 				die;
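Review bot: The `case 'saml':` branch copies `$saml_username` into `$remote_username` without checking that it is non-empty. `authenticated_via_saml()` (added later in this patch) returns true whenever the SimpleSAMLphp session is authenticated, and `saml_getAttributeValue()` returns `''` when the configured attribute is missing from the assertion, so an IdP that does not release `usernameAttribute` yields a successful login with an empty account name. Treat that as a failure here, e.g. `if (!$saml_success || !strlen ($saml_username))`, and apply the same guard in the `'saml' == $user_auth_src` branch of the next hunk, where the display name would otherwise fall back to the empty username. The enclosing switch starts and ends outside the hunk, so what the code does with an unset `$remote_username` after `break` is not visible here.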
@@ -90,6 +97,16 @@
 				$userinfo['user_realname'] :
 				(strlen ($ldap_dispname) ? $ldap_dispname : $remote_username); // then one from LDAP
 			return; // success
+		case ('saml' == $user_auth_src):
+			$saml_username = '';
+			$saml_dispname = '';
+			$saml_success = authenticated_via_saml ( $saml_username, $saml_dispname);
+			if (!$saml_success)
+				break; //failure
+			$remote_displayname = strlen($saml_dispname) ?
+				$saml_dispname : 
+				$saml_username;
+			return; // success
 		default:
 			throw new RackTablesError ('Invalid authentication source!', RackTablesError::MISCONFIGURED);
 	}
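Review bot: The SAML branch never consults `$userinfo['user_realname']` when it sets `$remote_displayname`, while the LDAP branch just above appears to prefer the locally stored real name and only then "one from LDAP". If `$userinfo` is populated for SAML users as well (the code that fills it, and the start of the LDAP ternary, are outside the hunk), keep the same precedence: `$remote_displayname = strlen ($userinfo['user_realname']) ? $userinfo['user_realname'] : (strlen ($saml_dispname) ? $saml_dispname : $saml_username);`. Otherwise a one-line comment saying that the IdP-supplied name deliberately overrides the local one would prevent a later "fix" in the wrong direction.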
@@ -244,6 +261,35 @@
 	return $didChanges;
 }
 
+// a wrapper for SAML auth method
+function authenticated_via_saml (&$saml_username = NULL, &$saml_displayname = NULL )
+{
+	global $SAML_options, $debug_mode;
+	if (! file_exists ($SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php'))
+		throw new RackTablesError ('Configured for SAML authentication, but simplesaml is not found.', RackTablesError::MISCONFIGURED);
+	require_once($SAML_options['simplesamlphp_basedir'] . '/lib/_autoload.php');
+	$as = new SimpleSAML_Auth_Simple($SAML_options['sp_profile']);
+	if (!$as->isAuthenticated())
+		$as->requireAuth();
+	$attributes = $as->getAttributes();
+	$saml_username = saml_getAttributeValue($attributes, $SAML_options['usernameAttribute']);
+	$saml_displayname = saml_getAttributeValue($attributes, $SAML_options['fullnameAttribute']);
+	if ($as->isAuthenticated()) 
+		return true;
+	return false;
+}
+
+function saml_getAttributeValue($attributes, $name) {
+	if (isset($attributes[$name])) {
+		if (is_array($attributes[$name]))
+			return $attributes[$name][0];
+		else 
+		return $attributes[$name];
+	}
+	return '';
+}
+
+
 // a wrapper for two LDAP auth methods below
 function authenticated_via_ldap ($username, $password, &$ldap_displayname)
 {
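Review bot: `authenticated_via_saml()` has no comment telling callers that `requireAuth()` hands the browser over to the IdP login and, per the SimpleSAMLphp API documentation, does not return for an unauthenticated session. As a result the trailing `return false` and the callers' `break; //failure` branches are not expected to run in the normal flow, which is worth stating so nobody relies on them for denial. I would add above the call `// requireAuth() redirects to the IdP and ends this request; execution continues here only with an authenticated session`, and document that both parameters are filled by reference with `''` when the attribute is absent. `$debug_mode` is pulled in with `global` but never used in the function and can be dropped.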
diff -Naur org//wwwroot/inc/install.php new//wwwroot/inc/install.php
--- org//wwwroot/inc/install.php	2013-04-04 13:10:04.873511050 +0200
+++ new//wwwroot/inc/install.php	2013-04-04 13:10:42.850141319 +0200
@@ -275,6 +275,17 @@
 #	'use_tls' => 2,         // 0 == don't attempt, 1 == attempt, 2 == require
 #);
 
+# For SAML configuration details:
+# http://wiki.racktables.org/index.php?title=SAML
+
+#\$SAML_options = array
+#(
+#	'simplesamlphp_basedir' => '../simplesaml',
+#	'sp_profile' => 'default-sp',
+#	'usernameAttribute' => 'eduPersonPrincipName',
+#	'fullnameAttribute' => 'fullName',
+#);
+
 # This HTML banner is intended to assist users in dispatching their issues
 # to the local tech support service. Its text (in its verbatim form) will
 # be appended to assorted error messages visible in user's browser (including
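Review bot: The sample value `'usernameAttribute' => 'eduPersonPrincipName'` looks like a misspelling of the eduPerson attribute `eduPersonPrincipalName`. An administrator who uncomments the block as shipped would ask for an attribute the IdP does not release, and `saml_getAttributeValue()` in auth.php would then hand back an empty username. Use `#	'usernameAttribute' => 'eduPersonPrincipalName',` in the template. The relative `'../simplesaml'` base directory is passed straight to `file_exists` and `require_once`, so it resolves against the working directory of the request; a comment saying what it is relative to, or an absolute path in the example, would avoid loading from an unintended location.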
