August 16, 2018

Privacy Policy

Who we are

Our website address is: https://samltest.id. We are legally owned by Signet, Inc. of Colorado.

What personal data we collect and why we collect it

Metadata

In order to trust your provider and thus to operate our service, we are required to collect information about your provider through the form of SAML 2.0 Metadata. You do not need to use entityID’s that resolve to publicly addressable URL’s unless you wish to use that form of submission.

Your metadata will never be shared nor used for commercial purposes and it will remain available on SAMLtest as long as the entityID is unique.

We may need to look at the contents of metadata files, particularly for debugging purposes.

Protocol Data

SAMLtest deliberately exposes its logs to allow testers to have full visibility into both ends of a transaction. This logging is done on DEBUG, which captures the full content of SAML 2.0 Assertions. Such assertions may contain personally identifying information.

DO NOT SEND ANY SENSITIVE INFORMATION TO SAMLTEST. It will be automatically visible to anyone who happens to be browsing the logs. Instead, use dummy accounts and data when it is important to conceal anything sensitive.

Passwords for ECP

We are required to collect a password to perform the service of ECP testing when acting as the user agent. These passwords are never stored, logged, or retained in any way. But seriously, please, use dummy accounts.

Analytics

We do not track your browser in any way beyond the basic access logs and temporary cookies necessary to provide web services.