Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/beryju/saml-test-sp

SAML Service Provider for end-to-end and unittesting
https://github.com/beryju/saml-test-sp

e2e golang saml saml-service-provider sso unittest

Last synced: 17 days ago
JSON representation

SAML Service Provider for end-to-end and unittesting

Host: GitHub
URL: https://github.com/beryju/saml-test-sp
Owner: BeryJu
License: gpl-3.0
Created: 2020-06-20T18:07:26.000Z (over 4 years ago)
Default Branch: main
Last Pushed: 2024-06-05T05:09:32.000Z (5 months ago)
Last Synced: 2024-10-14T13:15:11.085Z (about 1 month ago)
Topics: e2e, golang, saml, saml-service-provider, sso, unittest
Language: Go
Homepage: https://github.com/BeryJu/saml-test-sp/pkgs/container/saml-test-sp
Size: 99.6 KB
Stars: 14
Watchers: 4
Forks: 6
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# SAML-test-SP

![GitHub Workflow Status](https://img.shields.io/github/actions/workflow/status/beryju/saml-test-sp/ci-build.yml?branch=main&style=for-the-badge)

This is a small, golang-based SAML Service Provider, to be used in End-to-end or other testing. It uses the https://github.com/crewjam/saml Library for the actual SAML Logic.

SAML-test-SP supports IdP-initiated Login flows, *however* RelayState has to be empty for this to work.

This tool is full configured using environment variables.

## URLs

- `http://localhost:9009/health`: Healthcheck URL, used by the docker healtcheck.
- `http://localhost:9009/saml/acs`: SAML ACS URL, needed to configure your IdP.
- `http://localhost:9009/saml/metadata`: SAML Metadata URL, needed to configure your IdP.
- `http://localhost:9009/saml/logout`: SAML Logout URL.
- `http://localhost:9009/`: Test URL, redirects to SAML SSO URL.

## Configuration

- `SP_BIND`: Which address and port to bind to. Defaults to `0.0.0.0:9009`.
- `SP_ROOT_URL`: Root URL you're using to access the SP. Defaults to `http://localhost:9009`.
- `SP_ENTITY_ID`: SAML EntityID, defaults to `saml-test-sp`
- `SP_METADATA_URL`: Optional URL that metadata is fetched from. The metadata is fetched on the first request to `/`
---
- `SP_SSO_URL`: If the metadata URL is not configured, use these options to configure it manually.
- `SP_SSO_BINDING`: Binding Type used for the IdP, defaults to POST. Allowed values: `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST` and `urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect`
- `SP_SIGNING_CERT`: PEM-encoded Certificate used for signing, with the PEM Header and all newlines removed.
---
Optionally, if you want to use SSL, set these variables
- `SP_SSL_CERT`: Path to the SSL Certificate the server should use.
- `SP_SSL_KEY`: Path to the SSL Key the server should use.
- `SP_SIGN_REQUESTS`: Enable signing of requests.

Note: If you're manually setting `SP_ROOT_URL`, ensure that you prefix that URL with https.

## Running

This service is intended to run in a docker container

```
# beryju.org is a vanity URL for ghcr.io/beryju
docker pull beryju.io/saml-test-sp
docker run -d --rm \
-p 9009:9009 \
-e SP_ENTITY_ID=saml-test-sp \
-e SP_SSO_URL=http://id.beryju.io/... \
beryju.io/saml-test-sp
```

Or if you want to use docker-compose, use this in your `docker-compose.yaml`.

```yaml
version: '3.5'

services:
saml-test-sp:
image: beryju.io/saml-test-sp
ports:
- 9009:9009
environment:
SP_METADATA_URL: http://some.site.tld/saml/metadata
# If you don't want SSL, cut here
SP_SSL_CERT: /fullchain.pem
SP_SSL_KEY: /privkey.pem
volumes:
- ./fullchain.pem:/fullchain.pem
- ./privkey.pem:/privkey.pem
```