Per le istruzioni in Italiano, cliccare qui.
SPID SAML Check
SPID SAML Check is a tool that performs some tests on Service Providers, as inspecting requests shipped to an Identity Provider, checking metadata compliance and sending custom responses back to Service Provider. It includes a tool based on Tox (
specs-compliance-tests) to check the SPID specifications compliance, a Node.js web application (
spid-validator) that provides an easy to use interface and an extension for Google Chrome that intercepts the request.
SPID SAML Check has been developed and is maintained by AgID - Agenzia per l'Italia Digitale
How to build with Docker
git clone https://github.com/italia/spid-saml-check.git cd spid-saml-check $ docker build -t spid-saml-check .
How to run with Docker
$ docker run -t -i -p 8080:8080 spid-saml-check
copy spid-saml-check metadata to the SP you want to test with. spid-saml-check metadata can be downloaded at: http://localhost:8080/metadata.xml
wget http://localhost:8080/metadata.xml -O /path/to/your/sp/metadata/folder/spid-saml-check-metadata.xml
submit validator/ validator as credential
Send an authn request to spid-saml-chek in order to unlock Request and Response menu
Now you'll be able to execute all the tests, in order of appareance: Metadata, Request and Response.
How to use it as a SPID Validator
The Node.js application, if invoked as a web application as is, provides "basic", formal validation of a Service Provider's SAML metadata.
In order to unleash the full set of SPID compliance tests (the proper SPID Validator), retrieve the metadata of SPID Validator at http://localhost:8080/metadata.xml and configure it on as a new Identity Provider (IdP) under your Service Provider (SP) implementation.
When used in this fashion, the SPID Validator can be invoked as an IdP from your SP, listing 300+ individual controls, divided into 7 families:
- 4 families for the formal validation of the SP metadata (already described);
- 3 families for the formal validation of the SP's SAML request;
- 1 family (111 controls) for interactively validating the SP behaviour to SAML responses from IdP's.
To use the SPID Validator the AuthnRequest are thus sent from your SP, loggin in to Validator with following credentials: