{"id":16205,"library":"saml-idp","title":"SAML Test Identity Provider","description":"The `saml-idp` package provides a straightforward and highly configurable SAML 2.0 Identity Provider (IdP) designed exclusively for local development and testing purposes. Its primary function is to help developers test Service Providers (SPs) against the SAML 2.0 Web Browser SSO Profile and the Single Logout Profile without needing access to a production-grade IdP. The current stable version is 1.2.1. It features a simple API (`runServer`) for programmatic use and a command-line interface for quick setup. A key differentiator is its explicit focus on being a non-production test utility, allowing full control over SAML assertions and user claims for debugging SP integrations. It is not intended for production systems due to its design simplicity and lack of robust security features expected in a production IdP.","status":"maintenance","version":"1.2.1","language":"javascript","source_language":"en","source_url":"https://github.com/mcguinness/saml-idp","tags":["javascript","saml","idp","okta"],"install":[{"cmd":"npm install saml-idp","lang":"bash","label":"npm"},{"cmd":"yarn add saml-idp","lang":"bash","label":"yarn"},{"cmd":"pnpm add saml-idp","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The package is primarily designed for CommonJS environments. Direct ESM imports might require specific Node.js configuration or bundler setup.","wrong":"import { runServer } from 'saml-idp';","symbol":"runServer","correct":"const { runServer } = require('saml-idp');"},{"note":"CommonJS named export access via direct property.","symbol":"runServer (alternative CJS)","correct":"const samlIdp = require('saml-idp');\nsamlIdp.runServer(...);"}],"quickstart":{"code":"const { runServer } = require('saml-idp');\nconst path = require('path');\nconst fs = require('fs');\n\n// Ensure you have generated these files with openssl:\n// openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=JankyCo/CN=Test Identity Provider' -keyout idp-private-key.pem -out idp-public-cert.pem -days 7300\n\nconst privateKeyPath = path.resolve(__dirname, 'idp-private-key.pem');\nconst publicKeyPath = path.resolve(__dirname, 'idp-public-cert.pem');\n\n// Basic example for starting an IdP server\nrunServer({\n  acsUrl: process.env.SP_ACS_URL ?? 'https://sp.example.com/auth/saml20/assertion-consumer',\n  audience: process.env.SP_AUDIENCE ?? 'https://sp.example.com/auth/saml20/metadata',\n  issuer: process.env.IDP_ISSUER ?? 'urn:example:test-idp',\n  key: fs.readFileSync(privateKeyPath, 'utf-8'),\n  cert: fs.readFileSync(publicKeyPath, 'utf-8'),\n  host: 'localhost',\n  port: 7000,\n  config: {\n    user: {\n      email: 'saml.jackson@example.com',\n      firstName: 'Saml',\n      lastName: 'Jackson',\n      userType: 'Admin'\n    },\n    metadata: [\n      { id: 'email', optional: false, displayName: 'E-Mail Address', description: 'The e-mail address', multiValue: false },\n      { id: 'firstName', optional: false, displayName: 'First Name', description: 'The first name', multiValue: false },\n      { id: 'lastName', optional: false, displayName: 'Last Name', description: 'The last name', multiValue: false },\n      { id: 'userType', optional: true, displayName: 'User Type', description: 'The type of user', options: ['Admin', 'Editor', 'Commenter'] }\n    ]\n  }\n});\n\nconsole.log('SAML IdP test server running at http://localhost:7000');","lang":"javascript","description":"This quickstart demonstrates how to programmatically start the `saml-idp` server, configure required SAML parameters, and define custom user attributes (claims) for assertions. It also highlights the necessity of pre-generating certificate files."},"warnings":[{"fix":"Do not use `saml-idp` outside of development and testing environments. For production, use a battle-tested and security-hardened Identity Provider solution.","message":"This library is explicitly designed for testing purposes only and is **not intended for use with production systems.** Deploying `saml-idp` in a production environment could lead to severe security vulnerabilities due to its simplified security model.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Generate the key pair using OpenSSL with the command: `openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=JankyCo/CN=Test Identity Provider' -keyout idp-private-key.pem -out idp-public-cert.pem -days 7300`. Ensure these files are accessible to the `saml-idp` process or specify custom paths via the `key` and `cert` options.","message":"A self-signed certificate key pair (`idp-private-key.pem` and `idp-public-cert.pem`) is required for the IdP to function, but these files are not automatically generated by the package installation.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Ensure generated private keys are securely stored and used only within isolated test environments. Regenerate keys immediately if compromise is suspected.","message":"The private key generated for the IdP signing certificate (`idp-private-key.pem`) should be unique to your test IdP instance and must never be shared or exposed.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"Provide all mandatory options to `runServer` or as command-line arguments. For `cert` and `key`, ensure the certificate files exist at the specified paths and are readable by the Node.js process. For `acsUrl` and `issuer`, provide valid URI strings.","cause":"The `cert` option (path to the IdP's public certificate) was not provided or the file could not be read. Similarly, `key`, `acsUrl`, and `issuer` are also required.","error":"Missing required option: cert"}],"ecosystem":"npm"}