
How do I set up a local test SAML2.0 Identity Provider?

As a Service Provider (SP) I have written a node.js service to process SAML2.0 Assertions. I would now like to test this code.

I am aware that I can use various cloud-based services to act as my test Identity Provider (IdP); however, these require that my new, untested SP end-points be made public.

Currently I am simply POSTing a hand-crafted SAML2.0 Assertion to my SP end-point, but I want a more realistic test, especially the ability to test SP-initiated SSO.

Therefore I believe I need to have a local IdP running on my development machine so I can, for now, keep all my testing local and sand-boxed.

Can you recommend a way forward for me?

biofractal asked Jul 16 '14 10:07


2 Answers

You actually do not need to publish your endpoints in order to be able to use a public IDP.

All communication between the SP and the IDP is either done through your browser (which of course needs to be able to access both your local SP and the public IDP), or your SP calls the IDP (when using the HTTP-Artifact profile). But in usual situations the IDP never directly calls the SP, which means that the SP can be running locally without a publicly accessible URL.

One of the public IDPs which can be configured in this way is SSO Circle.

In case you would still like to run an IDP locally, Shibboleth is probably your easiest bet.

Vladimír Schäfer answered Oct 01 '22 20:10
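
The browser-mediated flow described in the answer above, as an added example for a Node.js SP (not code from the question or from either answer): it builds an SP-initiated AuthnRequest for the HTTP-Redirect binding with a localhost ACS URL, and tracks the request ID so the ACS handler can check `InResponseTo`. The entity ID, ACS URL, `IDP_SSO_URL` placeholder and all function names are assumptions.

```javascript
const zlib = require('node:zlib');
const crypto = require('node:crypto');

// Assumed local test values (hypothetical, not taken from the answers).
const SP = { entityId: 'http://localhost:3000/metadata', acsUrl: 'http://localhost:3000/saml/acs' };
const IDP_SSO_URL = 'https://idp.example.test/sso'; // placeholder for your test IdP's SSO endpoint

const pending = new Map(); // request ID -> issue time, checked against InResponseTo later

const esc = (s) => s.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;');

// Build the AuthnRequest. The ACS URL is only ever dereferenced by the browser,
// so a localhost address works even when the IdP is on the public internet.
function buildAuthnRequest(now = new Date()) {
  const id = '_' + crypto.randomBytes(16).toString('hex');
  const xml =
    `<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"` +
    ` xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="${id}" Version="2.0"` +
    ` IssueInstant="${now.toISOString()}" Destination="${esc(IDP_SSO_URL)}"` +
    ` ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"` +
    ` AssertionConsumerServiceURL="${esc(SP.acsUrl)}">` +
    `<saml:Issuer>${esc(SP.entityId)}</saml:Issuer></samlp:AuthnRequest>`;
  pending.set(id, now.getTime());
  return { id, xml };
}

// HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode.
function toRedirectUrl(xml, relayState) {
  const url = new URL(IDP_SSO_URL);
  url.searchParams.set('SAMLRequest', zlib.deflateRawSync(Buffer.from(xml, 'utf8')).toString('base64'));
  if (relayState) url.searchParams.set('RelayState', relayState);
  return url.toString();
}

// What the IdP does on receipt; handy for asserting on the request in tests.
function decodeRedirectUrl(redirectUrl) {
  const b64 = new URL(redirectUrl).searchParams.get('SAMLRequest');
  return zlib.inflateRawSync(Buffer.from(b64, 'base64')).toString('utf8');
}

// Call from the ACS handler: accept each InResponseTo once, and only if we issued it.
function consumeInResponseTo(id, maxAgeMs = 5 * 60 * 1000, now = Date.now()) {
  const issued = pending.get(id);
  pending.delete(id);
  return issued !== undefined && now - issued <= maxAgeMs;
}
```

Redirect the browser to `toRedirectUrl(buildAuthnRequest().xml)`; the IdP's reply reaches the local ACS endpoint as a form POST made by the same browser.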


There is an open IdP that will reply to any AuthnRequest, available for free at https://stubidp.sustainsys.com. It will allow you to set the Subject NameId you want in a simple form and then reply back to the SP. If you want to set up your own instance, the source of the stubidp is available at https://github.com/Sustainsys/Saml2.

Disclosure notice: I'm the author of the stubidp, but I won't make any money out of anyone using it; it's provided entirely as a free service.

Anders Abel answered Oct 01 '22 20:10