{"id":44835134,"url":"https://github.com/pfrest/mock-saml2-idp","last_synced_at":"2026-02-17T01:12:16.837Z","repository":{"id":317943961,"uuid":"1066860738","full_name":"pfrest/mock-saml2-idp","owner":"pfrest","description":"A simple SAML2 IdP for testing and developing SAML2 SPs","archived":false,"fork":false,"pushed_at":"2025-12-01T05:52:46.000Z","size":201,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-12-03T16:53:44.081Z","etag":null,"topics":["ci","idp","saml2","sso"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pfrest.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-09-30T04:09:22.000Z","updated_at":"2025-12-01T05:52:40.000Z","dependencies_parsed_at":"2025-10-04T03:38:25.749Z","dependency_job_id":null,"html_url":"https://github.com/pfrest/mock-saml2-idp","commit_stats":null,"previous_names":["pfrest/mock-saml2-idp"],"tags_count":4,"template":false,"template_full_name":null,"purl":"pkg:github/pfrest/mock-saml2-idp","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfrest%2Fmock-saml2-idp","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfrest%2Fmock-saml2-idp/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfrest%2Fmock-saml2-idp/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/re
positories/pfrest%2Fmock-saml2-idp/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pfrest","download_url":"https://codeload.github.com/pfrest/mock-saml2-idp/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pfrest%2Fmock-saml2-idp/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29528470,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-17T00:57:22.232Z","status":"ssl_error","status_checked_at":"2026-02-17T00:54:25.811Z","response_time":115,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ci","idp","saml2","sso"],"created_at":"2026-02-17T01:12:15.921Z","updated_at":"2026-02-17T01:12:16.829Z","avatar_url":"https://github.com/pfrest.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Mock SAML2 Identity Provider 
(IdP)\n\n[![Build](https://github.com/pfrest/mock-saml2-idp/actions/workflows/build.yml/badge.svg)](https://github.com/pfrest/mock-saml2-idp/actions/workflows/build.yml)\n[![Quality](https://github.com/pfrest/mock-saml2-idp/actions/workflows/quality.yml/badge.svg)](https://github.com/pfrest/mock-saml2-idp/actions/workflows/quality.yml)\n[![Release](https://github.com/pfrest/mock-saml2-idp/actions/workflows/release.yml/badge.svg)](https://github.com/pfrest/mock-saml2-idp/actions/workflows/release.yml)\n\n`mock-saml2-idp` is a radically simple SAML2 Identity Provider (IdP) for testing and developing SAML2 Service Providers\n(SPs), all wrapped up in a single, easy-to-use Docker container. It supports highly configurable user attributes and\nautomatic logins to facilitate automated testing via CI/CD pipelines.\n\n## Getting Started\n\nTo get started with `mock-saml2-idp`, you'll need to have [Docker](https://docs.docker.com/get-started/get-docker/)\ninstalled on your machine. Once Docker is installed and running, you can pull the `mock-saml2-idp` image from the\nGitHub Container Registry:\n\n```bash\ndocker pull ghcr.io/pfrest/mock-saml2-idp:latest\n```\n\n### Running the Container\n\nAs a minimal example, you can run the container with the following command:\n\n```bash\ndocker run \\\n-p 8080:8080 \\\n-p 8443:8443 \\\n-e SP_ACS_LOCATION=http://example.com/saml/acs/ \\\n-e SP_ENTITY_ID=http://example.com \\\n-d ghcr.io/pfrest/mock-saml2-idp:latest\n```\n\n\u003e [!NOTE]\n\u003e You will need to set the environment variables to match your SAML2 Service Provider (SP) configuration. See the\n\u003e [Variables section](#variables) below for more information on available environment variables.\n\n## Variables\n\nThe IdP can be configured using environment variables. While most variables can be left at their default values,\nyou may need to configure the IdP to match your SP's specific requirements or to emulate different scenarios. 
Below is a list\nof all available environment variables:\n\n| Variable                        | Description                                                                                    | Required | Default                                                |\n| ------------------------------- | ---------------------------------------------------------------------------------------------- | -------- | ------------------------------------------------------ |\n| `SP_ENTITY_ID`                  | The Entity ID of the SAML2 Service Provider (SP).                                              | Yes      |                                                        |\n| `SP_ACS_LOCATION`               | The Assertion Consumer Service (ACS) URL of the SAML2 Service Provider (SP).                   | Yes      |                                                        |\n| `SP_ACS_BINDING`                | The ACS binding type. Either `POST` or `REDIRECT`.                                             | No       | `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST`       |\n| `SP_SLO_LOCATION`               | The Single Logout (SLO) URL of the SAML2 Service Provider (SP).                                | No       | ` `                                                    |\n| `SP_SLO_BINDING`                | The SLO binding type. Either `POST` or `REDIRECT`.                                             | No       | `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect`   |\n| `IDP_ENTITY_ID`                 | The Entity ID of the Identity Provider (IdP).                                                  | No       | `mock-saml2-idp`                                       |\n| `IDP_CERT_FILE`                 | The path to the X.509 certificate file to use for signing/encrypting SAML assertions.          | No       | `/app/certs/idp.crt`                                   |\n| `IDP_KEY_FILE`                  | The path to the private key file to use for signing/encrypting SAML assertions.       
         | No       | `/app/certs/idp.key`                                   |\n| `IDP_AUTH_MODE`                 | The authentication mode. Either `basic` (username/password) or `auto` (automatic login)        | No       | `basic`                                                |\n| `IDP_NAMEID_FORMAT`             | The NameID format to use. It is recommended to use the default.                                | No       | `urn:oasis:names:tc:SAML:2.0:nameid-format:persistent` |\n| `IDP_NAMEID_ATTRIBUTE`          | The name of the user attribute to use as the NameID.                                           | No       | `uid`                                                  |\n| `IDP_USER_NAME`                 | The username of the IdP user to create. By default this is also used as the `uid`              | No       | `mock-saml2-idp-user`                                  |\n| `IDP_USER_NAME_ATTRIBUTE`       | The attribute name to use for the user's username.                                             | No       | `username`                                             |\n| `IDP_USER_UID`                  | The UID of the IdP user to create. This sets the user's `uid` attribute.                       | No       | `${IDP_USER_NAME}`                                     |\n| `IDP_USER_UID_ATTRIBUTE`        | The attribute name to use for the user's UID.                                                  | No       | `uid`                                                  |\n| `IDP_USER_PASSWORD`             | The password of the IdP user to create. Note this only applies to the `basic` auth mode.       | No       | `mock-saml2-idp-password`                              |\n| `IDP_USER_FIRST_NAME`           | The first name of the IdP user to create. This sets the user's `first_name` attribute.         | No       | `Mock`                                                 |\n| `IDP_USER_FIRST_NAME_ATTRIBUTE` | The attribute name to use for the user's first name.              
                             | No       | `first_name`                                           |\n| `IDP_USER_LAST_NAME`            | The last name of the IdP user to create. This sets the user's `last_name` attribute.           | No       | `User`                                                 |\n| `IDP_USER_LAST_NAME_ATTRIBUTE`  | The attribute name to use for the user's last name.                                            | No       | `last_name`                                            |\n| `IDP_USER_EMAIL`                | The email address of the user to create. This sets the user's `email` attribute.               | No       | `mock-saml2-idp-user@example.com`                      |\n| `IDP_USER_EMAIL_ATTRIBUTE`      | The attribute name to use for the user's email address.                                        | No       | `email`                                                |\n| `IDP_USER_GROUPS`               | Comma-separated list of groups to assign to the user. This sets the user's `groups` attribute. | No       | `group1,group2`                                        |\n| `IDP_USER_GROUPS_ATTRIBUTE`     | The attribute name to use for the user's group memberships                                     | No       | `groups`                                               |\n| `IDP_USER_CUSTOM_ATTRIBUTES`    | A JSON string defining any additional custom user attributes to set.                           | No       | `{}`                                                   |\n\n\u003e [!NOTE]\n\u003e\n\u003e - Configuring multiple users is not supported. 
The container is designed to create a single user for testing purposes.\n\u003e   This IdP is not designed to act as a user directory.\n\u003e - If the `IDP_CERT_FILE` and `IDP_KEY_FILE` environment variables are not set or the specified files do not exist, a\n\u003e   self-signed certificate and key will be generated automatically during container startup.\n\n## Configuring Your Service Provider (SP)\n\nOnce you have the container running, you will need to configure your SAML2 Service Provider (SP) to trust the\n`mock-saml2-idp`.\n\n### Automatic Configuration\n\nIf your SP supports automatic configuration via a metadata URL, you can use the following URL to retrieve the IdP metadata:\n\n```\n/sso/saml2/idp/metadata.php\n```\n\nFor example, if you are running the container locally on port 8443, the full metadata URL to configure in your SP would be:\n\n```\nhttps://localhost:8443/sso/saml2/idp/metadata.php\n```\n\n\u003e [!IMPORTANT]\n\u003e Your `mock-saml2-idp` instance must be reachable from your SP directly if you are using automatic configuration via\n\u003e the metadata URL. If your SP cannot reach the IdP at the specified URL (e.g., blocked by a firewall, no route to\n\u003e host, etc.), you will need to use manual configuration to proceed.\n\n### Manual Configuration\n\nIf your SP does not support automatic configuration via a metadata URL, or you still need to test manual configuration,\nyou can pull the IdP configuration programmatically from `mock-saml2-idp`'s `/api/settings.php` endpoint. 
This endpoint requires no authentication and returns a JSON response with\nall the necessary information to configure your SP.\n\nBelow is an example request to the /api/settings.php endpoint:\n\n```bash\ncurl -k https://localhost:8443/api/settings.php\n```\n\n```json\n{\n  \"idp_entity_id\": \"mock-saml2-idp\",\n  \"idp_cert_path\": \"/app/certs/idp.crt\",\n  \"idp_key_path\": \"/app/certs/idp.key\",\n  \"idp_cert\": \"-----BEGIN CERTIFICATE-----\\nMIIFmTCCA4GgAwI...pVV2cckEMt0IGpu8lIR3\\n-----END CERTIFICATE-----\\n\",\n  \"idp_metadata_url\": \"/sso/module.php/saml/idp/metadata.php\",\n  \"idp_sso_url\": \"/sso/module.php/saml/idp/singleSignOnService\",\n  \"idp_slo_url\": \"/sso/module.php/saml/idp/singleLogout\",\n  \"idp_auth_mode\": \"basic\",\n  \"idp_nameid_format\": \"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent\",\n  \"idp_nameid_attribute\": \"uid\",\n  \"idp_user_name\": \"mock-saml2-idp-user\",\n  \"idp_user_name_attribute\": \"username\",\n  \"idp_user_uid\": \"mock-saml2-idp-user\",\n  \"idp_user_uid_attribute\": \"uid\",\n  \"idp_user_password\": \"mock-saml2-idp-password\",\n  \"idp_user_first_name\": \"Mock\",\n  \"idp_user_first_name_attribute\": \"first_name\",\n  \"idp_user_last_name\": \"User\",\n  \"idp_user_last_name_attribute\": \"last_name\",\n  \"idp_user_email\": \"mock-saml2-idp-user@example.com\",\n  \"idp_user_email_attribute\": \"email\",\n  \"idp_user_groups\": [\"group1\", \"group2\"],\n  \"idp_user_groups_attribute\": \"groups\",\n  \"idp_user_custom_attributes\": [],\n  \"sp_entity_id\": \"https://localhost/sso/metadata/\",\n  \"sp_acs_location\": \"https://localhost/sso/acs/\",\n  \"sp_acs_binding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\",\n  \"sp_slo_location\": \"\",\n  \"sp_slo_binding\": \"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"\n}\n```\n\n\u003e [!NOTE]\n\u003e You will need to piece together the full URLs for the metadata, SSO, and SLO endpoints using the base URL of your\n\u003e 
`mock-saml2-idp` instance when configuring your SP.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpfrest%2Fmock-saml2-idp","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpfrest%2Fmock-saml2-idp","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpfrest%2Fmock-saml2-idp/lists"}