Skip to content

canonical/saml-test-idp

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

10 Commits

.github/workflows

.github/workflows

 
 

certs

certs

 
 

saml_test_helper

saml_test_helper

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

requirements.txt

requirements.txt

 
 

samlidp.go

samlidp.go

 
 

setup.py

setup.py

 
 

tox.ini

tox.ini

 
 

Repository files navigation

SAML Test IdP

SAML Test IdP provides a standalone test Identity Provider (IdP) server, built upon crewjam/saml. It also offers a companion Python library to streamline testing for SAML service providers.

Warning This is strictly for testing purposes only. It should NOT be used in any other context.

Getting Started

1. Installation

To install the companion Python helper library, use the following command.

pip install git+https://github.com/canonical/saml-test-idp.git

The SAML test IdP server is distributed via a Docker image. Deployment is handled by the companion helper library.

2. Deploying the SAML Test IdP

Within your test suite, use the SamlK8sTestHelper.deploy_saml_idp factory to deploy the SAML Test IdP server into a Kubernetes cluster. It will return an instance of the helper for further interactions.

from saml_test_helper import SamlK8sTestHelper

saml_helper = SamlK8sTestHelper.deploy_saml_idp(namespace="test-testing")

3. Preparing Service Provider Pods

Since SAML mandates HTTPS, it's essential to modify the service provider pods to ensure they trust the SAML Test IdP server's TLS certificates and have the correct host records in place. This process is simplified with a method provided by the helper.

saml_helper.prepare_pod(namespace="test-testing", pod="saml-integrator-0")
saml_helper.prepare_pod(namespace="test-testing", pod="synapse-0")

Note: Always complete this step before configuring the service provider with the SAML Test IdP, otherwise it will result in errors.

4. Registering Service Provider Metadata

For the SAML authentication process, the SAML Test IdP must be aware of the service provider. Achieve this by registering the service provider's metadata XML.

saml_helper.register_service_provider(
    name="synapse.local", metadata=service_provider_metadata
)

5. Single Sign-On (SSO) Login Process

With the above steps completed, you're ready to test the login flow. Begin the login process at the service provider's end. Though the exact path might differ across service providers, it should result in a redirection to the SAML test IdP for SSO login. Capture the redirection URL, then pass it to the helper.

Here, the helper completes all steps on the IdP side and returns a SamlResponseHttpPost object holding the assertion. You can then inspect, modify, or relay this response to the service provider to finalize the login.

saml_response = saml_helper.redirect_sso_login(redirect_url)
assert "https://synapse.local" in saml_response.url

url = saml_response.url.replace("https://synapse.local", f"http://{ip}:8080")
logged_in_page = requests.post(
    url, data=saml_response.data, headers={"Host": "synapse.local"}
)

About

SAML integration test made easy with saml-test-idp

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

3 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages 1

 

Contributors 3

  •  
  •  
  •  

Languages