August 21, 2018

Download Metadata

SAMLtest Metadata

Remember to load the metadata of your partners: if you are an IdP, load SP metadata, and vice versa.

Both: https://samltest.id/saml/providers
SAMLtest SP only: https://samltest.id/saml/sp
SAMLtest IdP only: https://samltest.id/saml/idp

Shibboleth

To load SAMLtest metadata in a Shibboleth 3.x IdP:

<MetadataProvider id="SAMLtest"
        xsi:type="FileBackedHTTPMetadataProvider"
        backingFile="%{idp.home}/metadata/SAMLtest.xml"
        metadataURL="https://samltest.id/saml/sp">
      <!-- You should always check the signature and freshness of remote
              metadata.  It's commented out until you get the basics working.
           <MetadataFilter xsi:type="SignatureValidation" 
                  certificateFile="%{idp.home}/credentials/signet.crt" />
           <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
        -->
</MetadataProvider>

To load SAMLtest metadata in a Shibboleth 3.x SP:

<MetadataProvider type="XML" validate="true"
        url="https://samltest.id/saml/idp"
        backingFilePath="SAMLtest.xml">
     <!-- You should always check the signature and freshness of remote
             metadata.  It's commented out until you get the basics working.
          <MetadataFilter type="RequireValidUntil" maxValidityInterval="2419200"/>
          <MetadataFilter type="Signature" certificate="signet.crt" verifyBackup="false"/>
        -->
</MetadataProvider>

These configuration directives should be added next to the other <MetadataProvider> elements in your configuration files.

Once you’ve done that, you may proceed to test your identity provider or service provider.
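The freshness rule that the commented-out validUntil filters above enforce (validUntil must be present, unexpired, and no further ahead than maxValidityInterval), written out as an added Python example; it is not Shibboleth's code or part of SAMLtest. The function names and the sample document are constructed for illustration, and signature validation is not covered here and must still run first.

```python
"""Freshness check for SAML metadata, modelled on a validUntil filter."""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOT_TAGS = {f"{{{MD_NS}}}EntityDescriptor", f"{{{MD_NS}}}EntitiesDescriptor"}


def parse_xs_datetime(value):
    """Parse the UTC 'Z' form of xs:dateTime, e.g. 2018-09-01T00:00:00Z."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?Z", value.strip())
    if not m:
        raise ValueError(f"unsupported validUntil value: {value!r}")
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def check_freshness(metadata_xml, max_validity, now=None):
    """Return (ok, reason); anything unexpected fails closed."""
    now = now or datetime.now(timezone.utc)
    try:
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        return False, f"not well-formed XML: {exc}"
    if root.tag not in ROOT_TAGS:
        return False, f"unexpected root element {root.tag}"
    raw = root.get("validUntil")
    if raw is None:
        return False, "validUntil missing on root element"
    try:
        valid_until = parse_xs_datetime(raw)
    except ValueError as exc:
        return False, str(exc)
    if valid_until <= now:
        return False, f"metadata expired at {raw}"
    # A far-future validUntil would let a stale copy be replayed for a long time.
    if valid_until - now > max_validity:
        return False, f"validUntil {raw} is more than {max_validity} ahead"
    return True, f"fresh until {raw}"


# Constructed sample (not real SAMLtest metadata); only the entityID is from the page.
SAMPLE = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://samltest.id/saml/sp" validUntil="2018-09-01T00:00:00Z"/>"""

if __name__ == "__main__":
    fixed_now = datetime(2018, 8, 21, tzinfo=timezone.utc)  # constructed clock
    print(check_freshness(SAMPLE, timedelta(days=30), now=fixed_now))
```

This check says nothing about who produced the document: on unsigned metadata the validUntil value is whatever the sender chose.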

Complete Endpoints and Credentials

Of course, your configuration will depend on your software package. We just provide all the guidance we can. Some software is unable to consume metadata. We have extracted some relevant fields to help you configure this software:

SAMLtest’s SP

SAMLtest’s SP does not recognize the NameFormat urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified under any circumstances because it is nonsensical to specify that which is unspecified. Feel free to use any other NameFormat, but less common NameFormats will only be noted in the logs rather than displayed as attributes.

  • entityID: https://samltest.id/saml/sp
  • SP-Initiated login: https://samltest.id/Shibboleth.sso/Login?entityID=<EntityID>
  • AssertionConsumerService URL: https://samltest.id/Shibboleth.sso/SAML2/POST
  • Encryption Certificate:

SAMLtest’s IdP

Connection information:

  • entityID: https://samltest.id/saml/idp
  • Redirect SSO Location: https://samltest.id/idp/profile/SAML2/Redirect/SSO
  • POST SSO Location: https://samltest.id/idp/profile/SAML2/POST/SSO
  • Signing Certificate:

Attributes Sent

| Friendly Name | Name | NameFormat |
|---|---|---|
| identifier | urn:oasis:names:tc:SAML:attribute:subject-id | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| uid | urn:oid:0.9.2342.19200300.100.1.1 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| mail | urn:oid:0.9.2342.19200300.100.1.3 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| sn (surname) | urn:oid:2.5.4.4 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| telephoneNumber | urn:oid:2.5.4.20 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| givenName | urn:oid:2.5.4.42 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| role | https://samltest.id/attributes/role | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |
| eduPersonEntitlement | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | urn:oasis:names:tc:SAML:2.0:attrname-format:uri |

SAMLtest is also capable of sending transient, email, and persistent identifiers as NameIDs. Unspecified NameIDs are not supported because they’re, well, unspecified.