Same answer as "ti com", but with a little more detail:
If you're not interested in integrating into sitemap directly, then you might want to look at:
apache Shiro
buji-pac4j
pac4j-saml
I've had to use this stack when the client wanted to be able to alter the security configuration of the app from shiro configuration at the container level. In essence, it's implemented at the java level, using another member in the filter-chain before the liftfilter. In that way, you can really bring in any java-servlet based authentication module into a lift-app, and it doesn't need to be integrated into Lift, but you'll also lose the opportunity for in-depth integration into Lift's sitemap.
If you're interested in integrating into sitemap directly, I've used pac4j directly by wiring it into a LiftRules.dispatchPartial function. Because Pac4J wasn't built for Lift, there existed the need to write a class extending org.pac4j.core.context.WebContext, but that was really the only part of stepping into Pac4J's paradigm. The WebContext class is straightforward enough to extend - it appears to be largely just an abstraction to allow the SAML handler to extract the original request from the webserver, so that it can supply scheme,host,port,path,query to the relayState, which of course you populate however you'd like.
Good luck.