Testing WSO2 IS with samltest.id : IdP Test

Dilin Lalindra Dampahalage
4 min read · Feb 14, 2019


If you ever need to test your SAML 2.0 configuration quickly, then samltest.id is the way to go. It is a free testing service for SAML 2.0. They have a Shibboleth 3.x IdP and an SP pre-configured. You just have to upload your metadata and configure your IdP or SP. Then you can begin testing. It is as simple as that. In this article I will show you how to test WSO2 Identity Server’s IdP with samltest.id. We will be using WSO2 IS 5.7.0, which is the latest release of Identity Server at the time of writing.

Configuring SAML SSO with Static Metadata Files

Getting Started

In this test we will use Identity Server as the IdP. We will test it against the SP in samltest.id. You can download the latest release of Identity Server from here, if you haven’t downloaded it already. You can refer to this installation guide if you are new to WSO2 Identity Server.

SAML Test’s SP uses IdP’s entity id to load the corresponding metadata file for the IdP. The default entity id of the resident IdP is “localhost”. Let’s change this into a more unique one.

To configure this, click Resident under Identity Providers and go to Inbound Authentication Configuration > SAML2 Web SSO Configuration.

Change the Identity Provider Entity ID to something like “wso2is”.

Configure Resident Identity Provider’s Entity ID in IS

Configuring a SP in Identity Server

Then you need to configure a service provider in WSO2 Identity Server corresponding to the SP in samltest.id. You can find the details of this SP here.

SAMLtest’s SP
Start up the Identity Server and log into the management console. Add a new service provider by clicking Add under Service Provider. Register the service provider by giving it a name (e.g. samltest.id).

Paste the public certificate of SAML test’s SP to the Application Certificate text box.

Adding SAML test SP’s public certificate

Next, expand Inbound Authentication Configuration > SAML2 Web SSO Configuration and click Configure.

Then configure the service provider with the details you obtained from SAML test site as follows.

SAML Web SSO Configuration

Please note that you have to change the default NameID format to urn:oasis:names:tc:SAML:2.0:nameid-format:persistent since it is the format expected by SAML test site.

After you have configured the SP, click Download IDP Metadata to download the Identity Server’s IdP metadata file.

Uploading IdP Metadata to SAML Test

Go to Metadata Upload Form in SAML Test’s site and upload the IdP metadata file you downloaded earlier.

SAML Test will Trust our IdP after this

Doing the Test at SAML Test

Go to test your IdP in SAML Test’s site. Provide the entity ID you configured earlier for the IdP in the Login Initiator text box.

Initiate the test

After this you will be prompted by the Identity Server for user login. Log in with your credentials. If you have configured everything correctly, you should be logged in and redirected to SAML Test’s landing page.

SAML Test Landing Page

That’s it! Similarly, we can also test Identity Server as an SP. We will talk about this in a future article.

Dilin Lalindra Dampahalage

I'm a Wireless Communications researcher at University of Oulu, Finland.