diff --git a/config/config_defaults.inc.php b/config/config_defaults.inc.php
index 78d53569a9f75fb7d4e664fc4c63cb4b58907ef8..267728fbe0f713b249aa53197cc4147353745b64 100644
--- a/config/config_defaults.inc.php
+++ b/config/config_defaults.inc.php
@@ -252,6 +252,7 @@ LdapReader      authentication using an LDAP server, this plugin binds to the se
             this account must have read access to gather the attributes for the user who tries to authenticate.
 CAS         authentication using a central authentication server (CAS)
 Shib            authentication using a Shibboleth identity provider (IdP)
+SimpleSamlPHP authentication using a SimpleSamlPHP identity provider (IdP)
 
 If you write your own plugin put it in studip-htdocs/lib/classes/auth_plugins
 and enable it here. The name of the plugin is the classname excluding "StudipAuth".
@@ -267,6 +268,7 @@ $STUDIP_AUTH_PLUGIN[] = "Standard";
 // $STUDIP_AUTH_PLUGIN[] = "LTI";
 // $STUDIP_AUTH_PLUGIN[] = "Shib";
 // $STUDIP_AUTH_PLUGIN[] = "IP";
+// $STUDIP_AUTH_PLUGIN[] = "SimpleSamlPHP";
 
 $STUDIP_AUTH_CONFIG_STANDARD = ["error_head" => "intern"];
 
@@ -376,6 +378,13 @@ $STUDIP_AUTH_CONFIG_SHIB = array("session_initiator" => "https://sp.studip.de/Sh
                                                         "auth_user_md5.Nachname" => array("callback" => "getUserData", "map_args" => "surname"),
                                                         "auth_user_md5.Email" => array("callback" => "getUserData", "map_args" => "email")));
 
+$STUDIP_AUTH_CONFIG_SIMPLESAMLPHP = array("return_to_url" => '',
+                                                "sp_name" => 'default-sp',
+                                                "user_data_mapping" =>      array(
+                                                "auth_user_md5.Email" => array("callback" => "getUserData", "map_args" => "email"),
+                                                "auth_user_md5.Nachname" => array("callback" => "getUserData", "map_args" => "firstName"),
+                                                "auth_user_md5.Vorname" => array("callback" => "getUserData", "map_args" => "lastName")));
+
 $STUDIP_AUTH_CONFIG_IP = array('allowed_users' =>
     array ('root' => array('127.0.0.1', '::1')));
 */
diff --git a/lib/classes/auth_plugins/StudipAuthSimpleSamlPHP.class.php b/lib/classes/auth_plugins/StudipAuthSimpleSamlPHP.class.php
new file mode 100644
index 0000000000000000000000000000000000000000..deb899cdd2a7074effae8f939002df6c29023ee7
--- /dev/null
+++ b/lib/classes/auth_plugins/StudipAuthSimpleSamlPHP.class.php
@@ -0,0 +1,113 @@
+<?php
+
+/**
+ * Class: StudipAuthSimpleSamlPHP
+ * author: Rene Ceska <ceskar2001@gmail.com>
+ * This class is used to authenticate users through SimpleSAMLphp.
+ * This code was inspired by other Stud.IP auth plugins.
+ */
+
+// Default location of SimpleSamlPHP _autoload. Change if needed.
+require_once('/var/simplesamlphp/src/_autoload.php');
+
+class StudipAuthSimpleSamlPHP extends StudipAuthSSO
+{
+    // Url to redirect to after successful login
+    public $return_to_url;
+    // Name of the SimpleSAMLphp SP
+    public $sp_name;
+    // Name of attribute that contains username (if empty it will use NameID as username)
+    public $username_attribute;
+    public $userdata;
+    public $as;
+
+    /**
+     * Constructor: read auth information from remote SP.
+     */
+    public function __construct($config = [])
+    {
+        parent::__construct($config);
+        // check if user chosen to login through this plugin
+        if (Request::get('sso') === $this->plugin_name) {
+
+            $this->as = new \SimpleSAML\Auth\Simple($this->sp_name);
+
+            // check if user is already authenticated and if not, authenticate them
+            if (!$this->as->isAuthenticated()) {
+                $this->as->requireAuth(['ReturnTo' => $this->return_to_url]);
+            }
+            $this->userdata = [];
+            // get username
+            if (empty($username_attribute)){
+                    $this->userdata['username'] =  $this->as->getAuthData('saml:sp:NameID')->getValue();
+            }else{
+                    $this->userdata['username'] =  $this->as->getAttributes()[$this->username_attribute];
+            }
+            // get other user attributes
+            $this->userdata = array_merge($this->userdata, $this->as->getAttributes());
+
+            // cleanup session so it does not interfere with Stud.IP session
+            $session = \SimpleSAML\Session::getSessionFromRequest();
+            $session->cleanup();
+        }
+
+        if (!isset($this->plugin_fullname)) {
+            $this->plugin_fullname = _('Federated');
+        }
+        if (!isset($this->login_description)) {
+            $this->login_description = _('Login trough your institution');
+        }
+    }
+
+    /**
+     * Return the current username.
+     */
+    public function getUser()
+    {
+        return $this->userdata['username'];
+    }
+
+    /**
+     * Validate the username passed to the auth plugin.
+     * Note: This triggers authentication if needed.
+     */
+    public function verifyUsername($username)
+    {
+        if (isset($this->userdata)) {
+            // use cached user information
+            return $this->getUser();
+        }
+
+        // check if user is already authenticated and if not, authenticate them
+        if (!$this->as->isAuthenticated()) {
+            $this->as->requireAuth(['ReturnTo' => $this->return_to_url]);
+        }
+
+        if (empty($username_attribute)){
+                $this->userdata['username'] =  $this->as->getAuthData('saml:sp:NameID')->getValue();
+        }else{
+                $this->userdata['username'] =  $this->as->getAttributes()[$this->username_attribute];
+        }
+        $session = \SimpleSAML\Session::getSessionFromRequest();
+        $session->cleanup();
+        return $this->getUser();
+    }
+
+    /**
+     * Callback that can be used in user_data_mapping array.
+     */
+    function getUserData($key)
+    {
+        return $this->userdata[$key];
+    }
+
+
+    /**
+     * Logout the user.
+     */
+    public function logout()
+    {
+        $auth = new \SimpleSAML\Auth\Simple($this->sp_name);
+        $auth->Logout();
+    }
+}
diff --git a/public/logout.php b/public/logout.php
index 2f8fcd8c58eaca7526caf21dfdaaac902e94bb75..2dea954675c5e16a8ae913457cf02ba95add271f 100644
--- a/public/logout.php
+++ b/public/logout.php
@@ -48,6 +48,11 @@ if ($auth->auth['uid'] !== 'nobody') {
         $casauth = StudipAuthAbstract::GetInstance('cas');
         $docaslogout = true;
     }
+    if ($auth->auth["auth_plugin"] === "simplesamlphp"){
+        $SimpleSamlPHPAuth = StudipAuthAbstract::GetInstance('simplesamlphp');
+        $dosimplesamlphplogout = true;
+    }
+
     //Logout aus dem Sessionmanagement
     $auth->logout();
     $sess->delete();
@@ -62,6 +67,9 @@ if ($auth->auth['uid'] !== 'nobody') {
     if (!empty($docaslogout)) {
         $casauth->logout();
     }
+    if (!empty($dosimplesamlphplogout)) {
+        $SimpleSamlPHPAuth->logout();
+    }
     $sess->start();
     $_SESSION['_language'] = $_language;
     if ($contrast) {