...
Conformance module repo: https://github.com/cicnavi/simplesamlphp-module-conformance
Trusted SP metadata handling
Test
...
The IdP is configured with the PDO metadata storage handler (so it can store SP metadata in a database) in addition to plain PHP metadata files.
The Conformance module exposes an HTML form that can be used to manually add SP metadata, either by pasting the SP metadata XML or by uploading the metadata XML file.
The UI form is available here: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/metadata/add
In addition, there is an endpoint that can be used to provision SP metadata dynamically (described below).
Available endpoints
Test modification
Endpoint to define the next test for a particular SP.
URI: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/test/setup
...
SP metadata provisioning
Endpoint to provision SP metadata which will be trusted by the Test IdP.
URI: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/metadata/persist
HTTP method: POST
Parameters:
- xmlData - optional (mandatory if xmlFile not provided)
  - valid values: SAML2 SP metadata XML string
  - example:
    <?xml version="1.0" encoding="utf-8"?>
    <md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp">
      <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/saml2-logout.php/good-sp"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/saml2-acs.php/good-sp" index="0"/>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/saml2-acs.php/good-sp" index="1"/>
      </md:SPSSODescriptor>
    </md:EntityDescriptor>
- xmlFile - optional (mandatory if xmlData not provided)
  - valid values: SAML SP XML metadata file
  - example: default-sp
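Because anything persisted through this endpoint becomes trusted SP metadata, a client should sanity-check the XML before submitting it. The following is an added example (not code from the Conformance module or this page): the persist URL and the xmlData field name are taken from the page, while the specific checks (md:EntityDescriptor root, entityID present, SPSSODescriptor declaring SAML 2.0, https-only endpoint Locations) are my own assumptions about what an IdP operator would want to enforce.

```python
import urllib.parse
import urllib.request
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
PERSIST_URL = ("https://conformance-idp.maiv1.incubator.geant.org"
               "/module.php/conformance/metadata/persist")

# Constructed sample, modelled on the page's good-sp example metadata
SAMPLE_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/saml2-acs.php/good-sp" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def check_sp_metadata(xml_data: str) -> list:
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        return ["root element is not md:EntityDescriptor"]
    if not root.get("entityID"):
        problems.append("missing entityID")
    sp = root.find(f"{{{MD_NS}}}SPSSODescriptor")
    if sp is None:
        return problems + ["no SPSSODescriptor: this is not SP metadata"]
    if SAML2_PROTOCOL not in (sp.get("protocolSupportEnumeration") or "").split():
        problems.append("SPSSODescriptor does not declare SAML 2.0 protocol support")
    acs = sp.findall(f"{{{MD_NS}}}AssertionConsumerService")
    # Every endpoint the IdP will redirect or POST the user to must be https
    for ep in acs + sp.findall(f"{{{MD_NS}}}SingleLogoutService"):
        loc = ep.get("Location", "")
        if not loc.startswith("https://"):
            problems.append(f"endpoint Location is not https: {loc}")
    return problems


def persist_sp_metadata(xml_data: str, url: str = PERSIST_URL) -> bytes:
    """Submit metadata as the xmlData form field; refuses metadata that fails the checks."""
    problems = check_sp_metadata(xml_data)
    if problems:
        raise ValueError("; ".join(problems))
    body = urllib.parse.urlencode({"xmlData": xml_data}).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=body, method="POST")) as resp:
        return resp.read()
```

Running `persist_sp_metadata(SAMPLE_METADATA)` submits the sample to the Test IdP; any check failure raises before the request is sent.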
IdP Initiated Login
IdP initiated login can be performed as per SimpleSAMLphp documentation: https://simplesamlphp.org/docs/2.1/simplesamlphp-idp-more.html
...