
Saml2Test testapp

Timothy Legge edited this page Jan 18, 2023 · 2 revisions

Introduction

The git repository for Perl's Net::SAML2 CPAN module includes a test application (the testapp) that implements a SAML2 Service Provider (SP). It is used to test Net::SAML2 against multiple Identity Providers (IdPs).

Over the last few releases the testapp has been improved to make it easier to test Net::SAML2 against multiple IdPs. Adding a new IdP is simple:

Adding a new IdP to the testapp

  1. Add a new directory, named after the IdP, to the IdPs directory (ex. shibboleth)
  2. Copy the IdP's metadata to the new directory (ex. IdPs/shibboleth/metadata.xml)
  3. Copy the IdP's cacert to the new directory (ex. IdPs/shibboleth/cacert.pem)
  4. Create an attribute mapping config for the IdP if needed (ex. IdPs/shibboleth/mappings.yml)
  5. The new IdP configuration will automatically show up on the index page of the testapp.
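
A pre-flight check for a new IdP directory, added here as an example and not part of the testapp's own code: it checks the files from steps 2 to 4 and lists the sign-on and logout bindings the IdP's metadata declares. The function names, the report keys and the idp.example.org metadata are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
B = "urn:oasis:names:tc:SAML:2.0:bindings:"
# Constructed sample metadata; idp.example.org is a placeholder, not a real IdP.
SAMPLE = f"""<EntityDescriptor xmlns="{MD[1:-1]}" entityID="https://idp.example.org/idp">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <SingleLogoutService Binding="{B}SOAP" Location="https://idp.example.org/slo"/>
  <SingleSignOnService Binding="{B}HTTP-Redirect" Location="https://idp.example.org/sso"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def bindings(role, tag):  # short binding names, e.g. "SOAP", declared for one service type
    return sorted({e.get("Binding", "").rsplit(":", 1)[-1] for e in role.findall(MD + tag)})

def check_idp(idp_dir: Path) -> dict:
    """Report problems and declared bindings for one IdPs/<name> directory."""
    rep = {"name": idp_dir.name, "entity_id": None, "sso": [], "slo": [],
           "has_mappings": (idp_dir / "mappings.yml").is_file(),  # step 4, optional
           "problems": [] if (idp_dir / "cacert.pem").is_file() else ["missing cacert.pem"]}
    try:
        root = ET.parse(idp_dir / "metadata.xml").getroot()  # step 2
    except (OSError, ET.ParseError) as err:
        rep["problems"].append(f"metadata.xml unusable: {err}")
        return rep
    # iter() also matches the root, so a bare EntityDescriptor and an EntitiesDescriptor both work
    entity = next((e for e in root.iter(MD + "EntityDescriptor")
                   if e.find(MD + "IDPSSODescriptor") is not None), None)
    if entity is None:
        rep["problems"].append("metadata.xml has no IDPSSODescriptor")
        return rep
    role = entity.find(MD + "IDPSSODescriptor")
    rep.update(entity_id=entity.get("entityID"), sso=bindings(role, "SingleSignOnService"),
               slo=bindings(role, "SingleLogoutService"))
    if "HTTP-Redirect" not in rep["sso"]:  # per this page, the only binding the testapp starts a login with
        rep["problems"].append("IdP declares no HTTP-Redirect SingleSignOnService")
    return rep

def demo():  # constructed IdPs/shibboleth directory that lacks cacert.pem
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp, "IdPs", "shibboleth")
        d.mkdir(parents=True)
        (d / "metadata.xml").write_text(SAMPLE)
        return check_idp(d)

if __name__ == "__main__":
    print(demo())
```
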

Initiating an Authentication Request

Simply clicking on the link for an IdP performs a SAML2 HTTP-Redirect to the IdP to allow you to log on.


After you successfully log on, the IdP initiates a SAML2 call back to the testapp application which processes the SAML2 assertion and displays the user attributes.

Currently the testapp only supports an HTTP-Redirect to initiate a login request, but there are plans to support other Binding methods.

The testapp supports multiple binding types for the response, including:

  1. HTTP-POST
  2. SOAP

The logged in page displays a dynamic message specifying the Login Method, for example "Successful Login via POST", to tell you how the IdP communicated with the testapp SP.

Initiating a LogoutRequest

Many IdPs have different supported Bindings for a LogoutRequest. The logged in page dynamically displays the supported Logout options for each IdP.

User Logged in Page

Upon Logout the index page displays a dynamic message that specifies the Logout method: "Successful logout via: SOAP".

Successful Logout
