{"id":18068441,"url":"https://github.com/paulcwatts/test-saml-idp","last_synced_at":"2026-04-30T15:32:27.403Z","repository":{"id":258636515,"uuid":"874308830","full_name":"paulcwatts/test-saml-idp","owner":"paulcwatts","description":"A basic test SAML IdP implementation in Python","archived":false,"fork":false,"pushed_at":"2026-03-24T02:04:44.000Z","size":277,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2026-03-25T01:54:56.992Z","etag":null,"topics":["fastapi","python","saml-idp","saml2"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/paulcwatts.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2024-10-17T15:44:01.000Z","updated_at":"2026-03-24T02:04:49.000Z","dependencies_parsed_at":"2025-12-19T06:02:00.130Z","dependency_job_id":null,"html_url":"https://github.com/paulcwatts/test-saml-idp","commit_stats":null,"previous_names":["paulcwatts/test-saml-idp"],"tags_count":10,"template":false,"template_full_name":null,"purl":"pkg:github/paulcwatts/test-saml-idp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulcwatts%2Ftest-saml-idp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulcwatts%2Ftest-saml-idp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulcwatts%2Ftest-saml-idp/releases","manifests_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulcwatts%2Ftest-saml-idp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/paulcwatts","download_url":"https://codeload.github.com/paulcwatts/test-saml-idp/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/paulcwatts%2Ftest-saml-idp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32469344,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-30T13:12:12.517Z","status":"ssl_error","status_checked_at":"2026-04-30T13:12:06.837Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fastapi","python","saml-idp","saml2"],"created_at":"2024-10-31T08:06:30.492Z","updated_at":"2026-04-30T15:32:27.395Z","avatar_url":"https://github.com/paulcwatts.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Test SAML IdP\n\n![workflow badge](https://github.com/paulcwatts/test-saml-idp/actions/workflows/build.yml/badge.svg?branch=main)\n[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://github.com/paulcwatts/test-saml-idp/blob/main/LICENSE)\n\nThis is a basic SAML Identity Provider (IdP) you can use to test a SAML\nService Provider (SP) implementation. It allows you to download metadata, to log in, \nand to respond with a signed SAML response. 
It also supports SAML Single Log Out.\n\n**This is not intended to be, nor will it ever be, a fully functional\nSAML IdP implementation.** It's only meant to stand up as a quick test IdP\nfor use in manual or automated testing.\n\n# Quick Setup\n\nThe easiest way to get up and going is to use the pre-built Docker image.\n\n## Running the server\n\n1. Create a metadata certificate for development. This will also be used\nto sign SAML responses.\n```bash\nopenssl req -new -newkey rsa:2048 -sha256 -days 365 -nodes -x509 -keyout metadata.key -out metadata.crt\n```\n2. Create a `.env` file and add the following contents:\n```env\nSAML_IDP_ENTITY_ID=http://localhost:8000/\nSAML_IDP_METADATA_CERT_FILE=/etc/saml/metadata.crt\nSAML_IDP_METADATA_KEY_FILE=/etc/saml/metadata.key\nSAML_IDP_USERS=[{\"username\": \"myuser\", \"password\": \"mypass\"}]\n```\n3. Run the Docker image:\n```bash\ndocker run --rm --env-file .env -p 8000:8000 \\\n  --read-only -v \u003clocal path to metadata.crt/key\u003e:/etc/saml \\\n  paulcwatts/test-saml-idp\n```\n4. Go to http://localhost:8000\n\nYou can click \"Sign in\" and log in with the credentials you provided in the\nenv file (Username: `myuser`, password: `mypass`).\n\n## Testing with a service provider\n\nIf you don't have a SAML Service Provider handy, you can use\nthe [RSA Test Service Provider](https://sptest.iamshowcase.com/instructions#spinit)\nto test that your IdP is running correctly.\n\n1. Download the IdP metadata from http://localhost:8000/metadata.xml:\n```bash\ncurl http://localhost:8000/metadata.xml \u003emetadata.xml\n```\n2. Go to https://sptest.iamshowcase.com/instructions#spinit and upload that file.\nCopy the provided URL to the clipboard.\n3. Open a browser window and paste that URL into the address bar. You should be redirected\nto the Test IdP.\n4. 
Log in using the credentials you used before (Username: `myuser`, password: `mypass`).\n\nIf everything works, you will be redirected back to the Service Provider\nwith the Subject Information and Authentication Details.\n\n# Deployment\n\nThis was written so you can test your federated login functionality without having\nto use an external service. To do that, you'll probably want to deploy\nit on your own infrastructure. Here are some considerations you'll want to think\nabout:\n\n1. You'll want to change the SAML entity ID to something less generic. It should be specific\nto your deployment, such as the URL of the deployed service.\n2. You will want to deploy the metadata certificate and key in a secure location,\nsuch as [Kubernetes secrets](https://kubernetes.io/docs/concepts/configuration/secret/).\n3. If you plan on supporting Single Log Out, you'll need to add a URL to which\nthe service will redirect after logging out (see `SAML_IDP_LOGOUT_URL` under\n[Configuration Options](#configuration-options)).\n\n# Configuration Options\n\nConfiguration is provided via environment variables.\n\n| Environment Variable  | Description                                                                               | Required?           |\n|-----------------------|-------------------------------------------------------------------------------------------|---------------------|\n| SAML_IDP_ENTITY_ID    | The Entity ID specified in the SAML IdP metadata. This must be a URL.                     | Yes                 |\n| SAML_IDP_METADATA_CERT | The path to the SAML signing certificate file.                                            | Yes                 |\n| SAML_IDP_METADATA_KEY | The path to the SAML signing private key file.                                            
| Yes                 |                                                                \n| SAML_IDP_USERS | The list of user credentials to accept                                                    | Yes                 |\n| SAML_IDP_BASE_URL | The base URL to use for the signin/logout endpoints. By default, it is the base host URL. | No                  |\n| SAML_IDP_LOGOUT_URL | The URL to redirect to after Single Log Out                                               | Only if SLO is used |\n| SAML_IDP_SHOW_USERS | If True, display a table of credentials on the login screen. Defaults to False.           | No |\n| SAML_IDP_ROUTER_PREFIX | If set, adds a prefix to all URLs. Default is empty. | No | \n| SAML_IDP_SECRET_KEY | If set, adds CSRF protection to the login page. | No, but recommended | \n\n## Defining Users \n\nYou can define credentials that are accepted using the `SAML_IDP_USERS` environment \nvariable. (You don't *have* to specify any users, but if you don't you can't log in\nand this service isn't very useful.) The format of `SAML_IDP_USERS` is a JSON list,\nwith each element in the list being the following format:\n\n```typescript\ninterface User {\n  username: string;\n  password: string;\n  attributes?: Record\u003cstring, string\u003e;\n}\n```\n\nOr if you prefer, in Python:\n\n```python\nclass User(TypedDict):\n    username: Required[str]\n    password: Required[str]\n    attributes: NotRequired[dict[str, str]]\n```\n\nIf `attributes` is specified, the service will include those as SAML Attributes \nin the AuthnResponse.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulcwatts%2Ftest-saml-idp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpaulcwatts%2Ftest-saml-idp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpaulcwatts%2Ftest-saml-idp/lists"}