A Free Stub Idp for Testing SAML2

I’m happy to announce a new part of the Kentor.AuthServices project: An open Identity Provider for testing. It is available at http://stubidp.kentor.se.

The Idp functionality is still extremely limited, as it can only send unsolicited SAML2 responses to a service provider. If you’re using the Kentor.AuthServices library to implement a service provider in an ASP.NET site, that is nevertheless enough to start testing.

The plan for the stub idp is to keep it completely open, without the need for any registration. Functionality that I would like to add includes:

  • Responding to AuthnRequests.
  • Presenting metadata.
  • Handling InResponseTo correctly for AuthnRequests.
  • More attributes (it now only supports subject).

Then I also want to add some bad behaviour, to be able to test error handling of a service provider.

  • Data signed by the wrong certificate.
  • Malformed responses.
  • Data tampered after signing.
  • Duplicate in-response-to.
  • Invalid validity time.

These are things that you should never see in the wild when connecting to a real identity provider, but for security solutions I think that it is as important to verify that incorrect data is dealt with properly as it is to verify that correct data is accepted.
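A sketch of what a service provider has to do for three of the cases above (malformed responses, invalid validity time, duplicate in-response-to), as an added example that is not code from Kentor.AuthServices or the stub idp. The `ResponseChecker` class, the result strings and the sample response are assumptions made for illustration, the check assumes every assertion carries a `Conditions` element with both time bounds, and signature validation is left out.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def parse_ts(value):
    # SAML instants are UTC xs:dateTime values such as 2014-01-01T12:00:00Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

class ResponseChecker:
    """Hypothetical SP-side checks. Signature validation is deliberately not shown."""

    def __init__(self, pending_request_ids):
        # IDs of AuthnRequests this SP sent and has not yet seen answered
        self.pending = set(pending_request_ids)

    def check(self, xml_text, now):
        try:
            root = ET.fromstring(xml_text)
        except ET.ParseError:
            return "malformed"
        cond = root.find("saml:Assertion/saml:Conditions", NS)
        if root.tag != "{%s}Response" % NS["samlp"] or cond is None:
            return "malformed"
        try:
            not_before = parse_ts(cond.get("NotBefore"))
            not_on_or_after = parse_ts(cond.get("NotOnOrAfter"))
        except (TypeError, ValueError):
            return "malformed"
        if not (not_before <= now < not_on_or_after):
            return "invalid-validity-time"
        in_response_to = root.get("InResponseTo")
        if in_response_to is not None:  # absent on unsolicited responses
            if in_response_to not in self.pending:
                return "duplicate-or-unknown-in-response-to"
            self.pending.discard(in_response_to)  # each request is answered once
        return "ok"

def sample_response(in_response_to, not_before, not_on_or_after):
    # Constructed, unsigned sample; not output captured from the stub idp
    return ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="r1" InResponseTo="%s">'
            '<saml:Assertion ID="a1"><saml:Conditions NotBefore="%s" NotOnOrAfter="%s"/>'
            '</saml:Assertion></samlp:Response>'
            % (NS["samlp"], NS["saml"], in_response_to, not_before, not_on_or_after))
```

Feeding the same valid response to `check` twice yields `ok` and then `duplicate-or-unknown-in-response-to`, which is the behaviour a replayed response should trigger.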
