Mock SAML 2.0 Identity Provider
Project description
Mock IDP
Ever needed to test an SSO setup but don't have access to the IDP for whatever reason?
Mock IDP provides a SAML2.0 IDP using POST bindings without need for a user database or complicated enterprise software setup.
Prerequisites
Mock-idp requires python 3.6 and pip
Installation
Install and run mock-idp using Pip:
$ pip3 install mock-idp
$ mock-idp
...
Configuration File
To override the system configuration create a config file. The service loads config files in the following order:
mockidp.yaml
in the current working directory~/.mockidp.yaml
in your home directory/etc/mockidp.yaml
in the global config directory- internal default config file shipped with the service package
Here is a sample (copy of built-in config) file to start with:
service_providers:
- name: "local:service:author"
response_url: "http://localhost:3000/saml_login"
users:
charlie:
first_name: "Charlie"
last_name: "Brown"
email: "charlie@gmail.com"
password: snoopy
linus:
first_name: "Linus"
last_name: "van Pelt"
email: "linus@gmail.com"
password: pumpkin
lucy:
password: charlie
first_name: "Lucy"
last_name: "van Pelt"
email: "lucy@gmail.com"
peppermint:
first_name: "Peppermint"
last_name: "Patty"
email: "peppermint@gmail.com"
password: peppermint
Service providers
For each service provider (client) that uses the identity provider, an entry in the service providers section of the config is needed. It has two values:
service_providers:
- name: "local:aem:author"
response_url: "http://localhost:14502/saml_login"
- name is the service provider entity id that the service provider sends with each request.
- response_url is the public url of the service provider. Once login has been completed, the browser will be redirected to this url.
Users
Users is a fairly self explanatory list of user credentials recognized by the IDP:
users:
charlie:
first_name: "Charlie"
last_name: "Brown"
email: "charlie@gmail.com"
password: snoopy
roles:
- administrators
Configuring a generic Service Provider
- Mock-IDP supports the POST binding protocol of SAML2.0.
- By default mock-idp runs on port 5000 and the binding path is /saml.
- the response message provides four attributes:
- uid: The username
- email: the user email address
- firstName: The users first name
- lastName: The users last name
- The logout path is /saml/logout
Certificate keys
To generate a service provider Certificate, run the following commands:
$ openssl genrsa -out saml.pem 2048
$ openssl req -new -key saml.pem -out saml.csr
$ openssl x509 -req -days 365 -in saml.csr -signkey saml.pem -out saml.crt
This will produce three files:
- saml.pem - The private key
- saml.csr - The certificate signing request
- saml.crt - The final certificate
Refer to your service provider documentation on how to install the certificate.
Running using Docker
Import local config into a docker container
Provided you have produced your config file containing service providers and user account information. You can inject into a docker container by the following:
$ docker run -p 5000:5000 -v <absolute path to your config>.yaml:/usr/local/mock-idp/mockidp/resources/default_config.yaml bjornskoglund/mock-idp:0.2.1
Copy the cert/cert.pem file into your Service Provider (SP), and be sure that the ISSUER (entity id) provided by the SP matches the name: of the Service Provider in your config.
Development
Setup
Install pipenv with pip to handle dependencies
$ pip3 install -r requirements.txt
then install environment
$ pipenv install
Run from source:
$ pipenv run ./bin/mock-idp
...
All system config is located in mockidp/resources/default_config.yaml.
Compatibility
Mock-IDP has been tested with the following service providers
- Adobe Experience Manager (AEM) 6.2
- Node.js - saml2-js package
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distributions
Built Distribution
Hashes for mock_idp-0.4.0b1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1592cec50bedc01d444235985747d7bfe17a52fd0cdd647916b8244ff2d26ff4 |
|
MD5 | 25fdb50eca46d35c465a6605a5d1d300 |
|
BLAKE2b-256 | 0d10c742a043772d836f79172cd9a865cbe0a550f87b30f23ac812600e24041d |