SAML Test Identity Provider

1.2.1 · maintenance · verified Tue Apr 21

The `saml-idp` package is a straightforward, highly configurable SAML 2.0 Identity Provider (IdP) intended exclusively for local development and testing. Its purpose is to let developers test Service Providers (SPs) against the SAML 2.0 Web Browser SSO Profile and the Single Logout Profile without access to a production-grade IdP. The current stable version is 1.2.1. It offers a simple programmatic API (`runServer`) and a command-line interface for quick setup. Its key differentiator is that it is explicitly a non-production test utility: it gives full control over the SAML assertions and user claims it issues, which is what makes it useful for debugging SP integrations. It is not intended for production systems because of its deliberate simplicity and the absence of the security controls expected of a production IdP.

Quickstart

This quickstart shows how to start the `saml-idp` server programmatically, set the required SAML parameters (ACS URL, audience, issuer, signing key and certificate), and define the user attributes (claims) placed in assertions. The signing certificate and private key must be generated beforehand; the `openssl` command in the code comment produces them.

const { runServer } = require('saml-idp');
const path = require('path');
const fs = require('fs');

// Ensure you have generated these files with openssl:
// openssl req -x509 -new -newkey rsa:2048 -nodes -subj '/C=US/ST=California/L=San Francisco/O=JankyCo/CN=Test Identity Provider' -keyout idp-private-key.pem -out idp-public-cert.pem -days 7300

const privateKeyPath = path.resolve(__dirname, 'idp-private-key.pem');
const publicKeyPath = path.resolve(__dirname, 'idp-public-cert.pem');

// Basic example for starting an IdP server
runServer({
  acsUrl: process.env.SP_ACS_URL ?? 'https://sp.example.com/auth/saml20/assertion-consumer',
  audience: process.env.SP_AUDIENCE ?? 'https://sp.example.com/auth/saml20/metadata',
  issuer: process.env.IDP_ISSUER ?? 'urn:example:test-idp',
  key: fs.readFileSync(privateKeyPath, 'utf-8'),
  cert: fs.readFileSync(publicKeyPath, 'utf-8'),
  host: 'localhost',
  port: 7000,
  config: {
    user: {
      email: 'saml.jackson@example.com',
      firstName: 'Saml',
      lastName: 'Jackson',
      userType: 'Admin'
    },
    metadata: [
      { id: 'email', optional: false, displayName: 'E-Mail Address', description: 'The e-mail address', multiValue: false },
      { id: 'firstName', optional: false, displayName: 'First Name', description: 'The first name', multiValue: false },
      { id: 'lastName', optional: false, displayName: 'Last Name', description: 'The last name', multiValue: false },
      { id: 'userType', optional: true, displayName: 'User Type', description: 'The type of user', options: ['Admin', 'Editor', 'Commenter'] }
    ]
  }
});

console.log('SAML IdP test server running at http://localhost:7000');
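As an added example that is not part of `saml-idp` or of this quickstart, the following shows the conditions the Service Provider under test must enforce on an assertion issued by the IdP configured above. It assumes the SP's SAML library has already verified the XML signature against `idp-public-cert.pem` and handed over the parsed fields as a plain object; the field names (`issuer`, `destination`, `audiences`, `notBefore`, `notOnOrAfter`, `inResponseTo`) are this example's assumption, not any particular library's API.

```javascript
// Added example, not part of saml-idp: SP-side checks on an assertion from the
// test IdP configured above. Assumes the XML signature was already verified
// against the IdP certificate and the fields were parsed into a plain object
// (field names are an assumption of this example, not a library's API).

// Expected values mirror the runServer() options used on this page.
const EXPECTED = {
  issuer: 'urn:example:test-idp',
  audience: 'https://sp.example.com/auth/saml20/metadata',
  acsUrl: 'https://sp.example.com/auth/saml20/assertion-consumer',
  allowUnsolicited: false, // reject IdP-initiated responses lacking InResponseTo
};
const CLOCK_SKEW_MS = 60 * 1000; // tolerate one minute of clock drift

// Returns an array of failure reasons; empty means the assertion is acceptable.
// pendingRequestIds is the SP's set of outstanding AuthnRequest IDs.
function validateAssertion(a, expected, pendingRequestIds, now = Date.now()) {
  const failures = [];
  if (a.issuer !== expected.issuer) failures.push(`issuer mismatch: ${a.issuer}`);
  if (a.destination !== expected.acsUrl) failures.push(`destination is not our ACS: ${a.destination}`);
  if (!(a.audiences || []).includes(expected.audience)) failures.push('audience does not name this SP');
  const notBefore = Date.parse(a.notBefore);
  const notOnOrAfter = Date.parse(a.notOnOrAfter);
  if (Number.isNaN(notBefore) || Number.isNaN(notOnOrAfter)) {
    failures.push('missing or unparsable validity window');
  } else {
    if (now + CLOCK_SKEW_MS < notBefore) failures.push('assertion not yet valid');
    if (now - CLOCK_SKEW_MS >= notOnOrAfter) failures.push('assertion expired');
  }
  if (a.inResponseTo === undefined) {
    if (!expected.allowUnsolicited) failures.push('unsolicited response rejected');
  } else if (!pendingRequestIds.has(a.inResponseTo)) {
    failures.push(`InResponseTo matches no pending request: ${a.inResponseTo}`);
  } else {
    pendingRequestIds.delete(a.inResponseTo); // consume the ID so a replay fails
  }
  return failures;
}

// Constructed sample of what the IdP above would issue for an SP-initiated login.
const sampleAssertion = {
  issuer: 'urn:example:test-idp',
  destination: 'https://sp.example.com/auth/saml20/assertion-consumer',
  audiences: ['https://sp.example.com/auth/saml20/metadata'],
  notBefore: '2024-04-21T10:00:00Z',
  notOnOrAfter: '2024-04-21T10:05:00Z',
  inResponseTo: '_req-123',
};
const sampleNow = Date.parse('2024-04-21T10:02:00Z'); // constructed clock reading
```

Starting the test IdP with a deliberately wrong `audience` or `acsUrl` is the quickest way to confirm the SP reports these failures instead of accepting the assertion.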
