Test Google SSO SAML on Localhost

5

6

The ACS url in the Google SSO SAML setup where Google is the Identity Provider has to start with https. Therefore, I've not been able to use a localhost url. Is there a way I could test Google SSO SAML on a local server? What url (or other details) do I need to enter?

Housewares answered 13/6, 2019 at 13:40 Comment(6)
Why would it not be possible to use SAML with Google SP? Google SP is hosted in internet space .. right? – Polypus
@BernhardThalmayr My bad, I use Google as the Identity Provider. I edited my question. Thanks. – Housewares
Well, why can't you just configure a secure listener on the server hosting your SP? – Polypus
@BernhardThalmayr I can, but then I need to deploy every time I make a change. That's time-consuming. – Housewares
I'm sorry, I do not get this. Why would you need to deploy anything if you use a secure listener on localhost? – Polypus
@BernhardThalmayr I do not know how to use a secure listener on localhost. I eventually solved the problem using ngrok. See my answer. – Housewares
4

So, the Google SAML app (Google is the Identity Provider) forces you to enter an ACS url starting with https://*. Therefore, I was unable to enter a http://localhost url. I used the Django demo from the python3-saml package to integrate SAML SSO into my app.

To get an https url pointing to my localhost server I used ngrok, which gives you an https and http link for the url to your localhost. That https url can be entered in the ACS url and Entity url in Google Admin. The Django demo uses url parameters to redirect the user to the logged in view, but that didn't work for me using ngrok. So, I decided to render the logged in view on a separate url /sso/logged-in/ instead of /sso/?acs.

Housewares answered 17/6, 2019 at 8:13 Comment(0)
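Added example, not part of the answer above and not code from python3-saml or its demo: because the tunnel terminates TLS, the local server sees plain HTTP, and python3-saml in strict mode compares the response's Destination with the URL it rebuilds from the request dict. The sketch below builds that dict from forwarded headers and checks it against the ACS URL entered in Google Admin. The tunnel hostname is a constructed value, and it assumes the tunnel agent connects from loopback and sets X-Forwarded-Proto.

```python
from urllib.parse import urlsplit

# Constructed value: the https URL printed by the tunnel, as entered in Google Admin.
ACS_URL = "https://abc123.ngrok.io/sso/?acs"

def prepare_request(meta, get_data=None, post_data=None,
                    trusted_proxies=("127.0.0.1", "::1")):
    """Build the request dict that is handed to OneLogin_Saml2_Auth.

    X-Forwarded-Proto is honoured only when the peer is the local tunnel
    agent; any other client could set the header to anything it likes.
    """
    proto = "http"
    if meta.get("REMOTE_ADDR") in trusted_proxies:
        forwarded = meta.get("HTTP_X_FORWARDED_PROTO", "http")
        proto = forwarded.split(",")[0].strip().lower()
    return {
        "https": "on" if proto == "https" else "off",
        "http_host": meta["HTTP_HOST"],
        "script_name": meta["PATH_INFO"],
        "get_data": dict(get_data or {}),
        "post_data": dict(post_data or {}),
    }

def received_url(req):
    """URL (without query string) that the SP believes it was reached on."""
    scheme = "https" if req["https"] == "on" else "http"
    return f"{scheme}://{req['http_host']}{req['script_name']}"

def acs_mismatch(req, acs_url=ACS_URL):
    """Return a reason string if the request cannot match the ACS URL, else None."""
    acs = urlsplit(acs_url)
    if acs.scheme != "https":
        return "ACS URL must start with https://"
    got = urlsplit(received_url(req))
    want = (acs.scheme, acs.netloc.lower(), acs.path)
    if (got.scheme, got.netloc.lower(), got.path) != want:
        return f"received {received_url(req)}, expected {acs.scheme}://{acs.netloc}{acs.path}"
    return None

if __name__ == "__main__":
    # Constructed Django/WSGI META for a POST relayed by the tunnel agent.
    meta = {"REMOTE_ADDR": "127.0.0.1", "HTTP_HOST": "abc123.ngrok.io",
            "PATH_INFO": "/sso/", "HTTP_X_FORWARDED_PROTO": "https"}
    print(acs_mismatch(prepare_request(meta, get_data={"acs": ""})))
```

Keep `trusted_proxies` limited to the address the tunnel agent connects from, so that a direct client cannot make the SP treat a plain-HTTP request as secure.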
3

ngrok is used to expose apps on your localhost to the internet with a single easy command.

./ngrok http 3000

When the above command is typed in the terminal, a window will open in the terminal which will tell you the public url that you can access through the internet to connect to an app hosted on port 3000 on your localhost. For more information, kindly look into https://ngrok.com/

Kindly upvote if it helped you!!

Saree answered 27/5, 2020 at 13:23 Comment(0)
1

Have you tried the following test identity provider (dockerized): https://github.com/kristophjunge/docker-test-saml-idp

Woolard answered 17/6, 2019 at 12:28 Comment(3)
No, I haven't tried that. The solution I described in my answer is working as expected right now. Thanks anyway. – Housewares
You could also use SSO Circle (ssocircle.com/en/portfolio/publicidp) as cloud IdP for testing – Polypus
He is trying to integrate with a specific identity provider. The public idp from ssocircle requirements may be different, which is fine, but I am recommending to use it for learning purposes. – Woolard
0

I had the same problem. I ran my app on localhost with https using local IIS with a self-signed certificate and it worked just fine.

This way it's easy to debug the saml response from google rather than using remote urls.

Peeress answered 1/1, 2020 at 12:1 Comment(0)
0

You need any public address to pass there - the identity provider needs to redirect to your website. You can either:

  • deploy application to some server
  • use tunneling (when pointing to https://example.localtunnel.me your request will hit localhost:8080 or whatever you will specify).

There are many tunnel providers on the internet. As a free and easy one you can consider Localtunnel which is free and easy to use.

Simply type:

> npm install -g localtunnel
> lt --port 8080

and then your local application will be publicly visible.

Search answered 6/2, 2020 at 11:59 Comment(0)
