Service providers with SAML version 2 for SSO accessible to public? [closed]

7

58

I'm wondering if there are any publicly available SAML version 2 SPs (Service Providers) that can be used to test SSO (Single Sign On).

Salesforce and Google apps both have an SSO solution, but how to go get access to them and what is the cost for those services?

I could set up a service provider using OpenSSO on another system for my testing purposes.

Devilfish answered 19/5, 2011 at 18:24 Comment(4)
There is also "SAML2 stub: be whoever you want to be" which seems to also be a SAML test page. - Solidify
Two more alternatives: samltest.id and github.com/mcguinness/saml-idp - Emendate
developer.okta.com/docs/guides/build-sso-integration - for OPENID and SAML V2. Non premium version is available to public - Electroshock
https://mcmap.net/q/331720/-can-you-recommend-a-saml-2-0-identity-provider-for-test-closed - Egregious
54

UPDATE: Samling is live again at https://fujifish.github.io/samling/samling.html

Samling is a serverless SAML IdP for the purpose of testing any SAML SP endpoint. It supports AuthnRequest and LogoutRequest.

It runs solely in the browser to simulate SAML responses returned from a SAML IdP - no registration, no servers, just a browser. You can control many aspects of the response - from success to various failures.

Simply set up the target URL for the SAML IdP to be https://fujifish.github.io/samling/samling.html, and you're done. If there is a SAMLRequest query param present on the request, Samling will parse, extract and populate the relevant fields.


If you don't want to use the online version, you can clone the samling repo from https://github.com/fujifish/samling and host it yourself - all you will need is a static file server.

Kimsey answered 11/3, 2017 at 8:58 Comment(3)
(Promoting to the accepted answer since it seems like a much saner solution for present-day askers of this question) - Devilfish
Samling is such a great SAML testing tool, but it seems to have disappeared this week along with Capriza. Does anyone out there have the Samling source? - Unmeet
Samling is live at fujifish.github.io/samling/samling.html - Kimsey
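What an IdP test page has to do with the `SAMLRequest` query parameter under the HTTP-Redirect binding, sketched in Python as an added example (not Samling's code and not part of the answer above). The SP entity ID, ACS URL, request ID and RelayState are constructed sample values, and the function names are hypothetical.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_redirect_url(idp_url, xml_text, relay_state):
    """SP side: raw DEFLATE (no zlib header), base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    blob = base64.b64encode(comp.compress(xml_text.encode()) + comp.flush())
    return idp_url + "?" + urlencode(
        {"SAMLRequest": blob.decode(), "RelayState": relay_state})

def parse_authn_request(url, max_bytes=64 * 1024):
    """IdP side: recover the fields a test page needs to build its response."""
    query = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in query:
        raise ValueError("no SAMLRequest query parameter")
    raw = base64.b64decode(query["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    xml_bytes = inflater.decompress(raw, max_bytes)  # bound the inflated size
    if not inflater.eof:
        raise ValueError("request is truncated or exceeds the size limit")
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTDs are not allowed in SAML messages")
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError(f"unexpected root element {root.tag}")
    return {
        "id": root.get("ID"),  # echoed back as InResponseTo
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
        "relay_state": query.get("RelayState", [None])[0],
    }

# Constructed sample request; the SP values below are made up for the example.
SAMPLE_XML = (
    f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
    'ID="_constructed123" Version="2.0" IssueInstant="2017-03-11T08:58:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/saml/acs">'
    "<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>"
    "</samlp:AuthnRequest>"
)
SAMPLE_URL = build_redirect_url(
    "https://fujifish.github.io/samling/samling.html", SAMPLE_XML, "/dashboard")

if __name__ == "__main__":
    print(parse_authn_request(SAMPLE_URL))
```

Running the same decoder over the redirect your own SP emits is a quick way to confirm the issuer and ACS URL it advertises before pointing it at any test IdP.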
22

Salesforce has a free developer edition you can sign up for at: http://developer.force.com. It will enable you to test with them acting as either a SAML 2.0 SP or IDP. It is quite simple to sign up and use its SAML features for testing purposes.

For Google, they offer free 30 day Google Apps accounts for trial purposes - beyond that you need to pay.

As you say - there are loads of others (like PingFederate or OpenAM) that you could either get for free, sign up for a trial for or purchase - if you want something in house.

Rawley answered 20/5, 2011 at 1:14 Comment(6)
Sir, can I use Salesforce's Identity Provider as the Test IdP for my SP (which I am going to implement using opensaml-java)? Basically I need a Test IdP to test my SP. Thank you. - Genome
Yes, Salesforce can be configured as an IdP. - Rawley
Pray tell, how? @ScottT. Is there a document you can link to? - Microscopium
Once you sign up for a developer account (and confirm your email) - you can follow the instructions here: help.salesforce.com/apex/HTViewHelpDoc?id=sso_saml.htm or here: blogs.oracle.com/rangal/entry/saml2_salesforce_com - Rawley
@ScottT. Thanks, but neither of the documentation pages that you link to describes how to configure Salesforce as an IdP. Can you provide more detail? - Ballad
Here is an updated link with details on setting this up: developer.salesforce.com/page/… - Federicofedirko
19

Shibboleth offers a publicly available SAML v2 SP and IdP: https://www.testshib.org/. Note - it works with any SAML IdP/SP, not just Shib.

Menashem answered 10/11, 2012 at 0:0 Comment(0)
10

Why not just use SimpleSAMLphp? It's easy to set up, and can be used as a service provider. Google Apps is also pretty easy to set up as a SAML service provider.

Beatrizbeattie answered 26/5, 2012 at 5:27 Comment(0)
6

SSOCircle - SAML/OpenID IDP

I can't recommend because I haven't used it, but it sounds promising, so worth trying.

They provide free public users and integration with your own SP and additional features with premium accounts.

Beall answered 13/4, 2016 at 2:38 Comment(0)
2

You can definitely use miniOrange's SAML SSO with a variety of service providers. I knew nothing about how it all works, and got it set up using their free trial very quickly, as they have nice docs that step you through integrating with a variety of service providers, with Salesforce of course being one of them.

So:

I don't work for them, I just found it was an easy one to set up, and I tried SSOCircle and Salesforce as an IDP before these guys as well. FYI!


Billy answered 17/10, 2016 at 11:57 Comment(0)
1

Here is how you can use a Salesforce developer account to set up your IdP and test it with an example service provider hosted on Heroku.

STEP 1: Establish a Federation Id

For this single sign-on implementation, we’ll set a user attribute that links the user between their Salesforce organization and an external application.

  1. From Setup in your Salesforce developer account, enter Users in the Quick Find box, then select Users. Click Edit next to your current user. In the Single Sign On Information section, enter the Federation ID: [email protected]. For this example, we arbitrarily made up a Federation ID. The Federation ID is a unique username for each user that can be shared across multiple applications. Sometimes this is the employee ID for that user. Click Save.

STEP 2: Set up your Identity Provider

  1. In a new browser window, go to http://axiomsso.herokuapp.com.
  2. Click SAML Identity Provider & Tester. Click Download the Identity Provider Certificate. The certificate validates signatures, and you need to upload it to your Salesforce organization. Remember where you save it.
  3. In your Salesforce organization, from Setup, enter Single Sign-On Settings in the Quick Find box, then select Single Sign-On Settings. Click Edit. Select SAML Enabled. Click Save.
  4. In SAML Single Sign-On Settings, click New. Enter the following values.

    Name: Axiom Test App
    Issuer: http://axiomsso.herokuapp.com
    Identity Provider Certificate: Choose the file you downloaded in step 3.
    Request Signing Certificate: Select a certificate. If no certificate is available, leave as Generate self-signed certificate.
    SAML Identity Type: Select Assertion contains the Federation ID from the User object.
    SAML Identity Location: Select Identity is in the NameIdentifier element of the Subject statement.
    Service Provider Initiated Request Binding: Select HTTP Redirect.
    Entity Id: Enter your My Domain name including “https”, such as https://universalcontainers.my.salesforce.com

    Click Save and leave the browser page open.
    

STEP 3: Generate SAML

  1. Return to Axiom at http://axiomsso.herokuapp.com. Click generate a SAML response. Enter the following values (other fields can be left blank).

     SAML 2.0
     Username or Federated ID: [email protected]
     Issuer: http://axiomsso.herokuapp.com
     Recipient URL: Get that from the Salesforce SAML Single Sign-On 
     Setting page. (If you didn’t keep that page open, from Setup, 
     enter Single Sign-On Settings in the Quick Find box, then select 
     Single Sign-On Settings, and then click Axiom Test App.) Use the 
     Salesforce Login URL value.
    
Cathode answered 7/5, 2017 at 17:56 Comment(0)
