
The test environment is set up with several Docker containers with a reverse proxy in front of them, all hosted on a single virtual machine (VM).

The main domain is maiv1.incubator.geant.org, supplemented by the registered wildcard domain *.maiv1.incubator.geant.org, allowing for an unlimited number of subdomain virtual hosts.

Virtual host certificates are obtained using acme.sh, available at https://github.com/acmesh-official/acme.sh

The Git repository for the entire setup is internally available here (expect significant changes during Incubator activity): https://gitlab.software.geant.org/TI_Incubator/saml-signature-validation-test-env

Test IdP

The test IdP is a SimpleSAMLphp v2.1 instance with a configured IdP and the installed 'conformance' module (an authentication processing filter) that can modify SAML Responses sent to trusted SPs; trust for several test SPs is pre-configured.

IdP metadata: https://conformance-idp.maiv1.incubator.geant.org/module.php/saml/idp/metadata

Admin dashboard: https://conformance-idp.maiv1.incubator.geant.org/module.php/admin/

Conformance module repo: https://github.com/cicnavi/simplesamlphp-module-conformance

Test modification endpoints

Endpoint to define the next test for a particular SP

URI: https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/test/setup

HTTP method: GET

Parameters:

  • testId
    • valid values: standardResponse | noSignature | invalidSignature
    • example: noSignature
  • spEntityId
    • valid values: any trusted SP Entity ID
    • example: urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp


For example, to specify that the next test for the SP 'urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp' should be the one that doesn't sign the SAML Response:

https://conformance-idp.maiv1.incubator.geant.org/module.php/conformance/test/setup?testId=noSignature&spEntityId=urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp

IdP Initiated Login

IdP-initiated login can be performed as described in the SimpleSAMLphp documentation: https://simplesamlphp.org/docs/2.1/simplesamlphp-idp-more.html

Sample URI to initiate login to SP 'urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp':

https://conformance-idp.maiv1.incubator.geant.org/saml2/idp/SSOService.php?spentityid=urn:x-simplesamlphp:geant:incubator:simplesamlphp-sp:good-sp

Sample SPs and Related Apps

SimpleSAMLphp

This SimpleSAMLphp v2.1 instance hosts the SPs listed below and carries a code modification that skips signature checks for the 'bad' SPs, so that a non-validating SP can be simulated.

Admin dashboard: https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/admin/

List of apps: https://simplesamlphp-sp.maiv1.incubator.geant.org/

Good SP / App

Metadata: https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/metadata/good-sp

App: https://simplesamlphp-sp.maiv1.incubator.geant.org/php-app-good-ssp-sp/

Bad SP / App

Metadata: https://simplesamlphp-sp.maiv1.incubator.geant.org/simplesaml/module.php/saml/sp/metadata/bad-sp

App: https://simplesamlphp-sp.maiv1.incubator.geant.org/php-app-bad-ssp-sp/

KeyCloak

Instance available here: https://keycloak.maiv1.incubator.geant.org/

TODO configuration

Shibboleth

TODO
