The open SAML2 testing (or stub) Identity Provider (Idp) at http://stubidp.kentor.se has been improved and now answers any incoming AuthnRequests. The answer will automatically be sent to the Assertion Consumer Service URL contained in the AuthnRequest.
When working with applications using SAML2 authenticaiton we’ve found that handling authentication for the test and development environments is often troublesome. Existing Identity Providers, even if one is set up for test, requires registering of every Service Provider (i.e. web application) that is allowed to use it. Furthermore, a real identity provider provides real, controlled identities. That’s kind of the point of it, but when developing and testing, I want to be able to use a number of different accounts, without having to keep a stack of smart cards issued with with test identities on my desk.
When testing it is also a good idea to be able to trigger some errors, to verify the user experience in case the SAML response isn’t valid – what error messages is presented to the user in that case? In a real environment there will be an error eventually, confusing users. But it can be hard to trigger an error at will with a real identity provider doing it’s best to provide correct responses.
That’s why we created the Kentor.AuthServices StubIdp. The stub idp will respond to any incoming AuthnRequest. It provides a simple form, where you can see and adjust the response before sending it. If you e.g. want to check error handling, you can reuse the same InResponseTo id and make sure that your service provider recognizes and reject that.
The stub idp is part of the Kentor.AuthServices package, which is licensed with LGPL and hosted over GitHub. You can download and install your own local instance, or even better, help us improve the existing free instance with new features through pull requests.