Ever needed to test an SSO setup but don't have access to the IDP for whatever reason?
Mock IDP provides a SAML2.0 IDP using POST bindings without need for a user database or complicated enterprise software setup.
Mock-idp requires python 3.6 and pip
Install and run mock-idp using Pip:
$ pip3 install mock-idp
$ mock-idp
...
To override the system configuration create a config file. The service loads config files in the following order:
mockidp.yaml
in the current working directory~/.mockidp.yaml
in your home directory/etc/mockidp.yaml
in the global config directory- internal default config file shipped with the service package
Here is a sample (copy of built-in config) file to start with:
service_providers:
- name: "local:service:author"
response_url: "https://localhost:3000/saml_login"
users:
charlie:
first_name: "Charlie"
last_name: "Brown"
email: "[email protected]"
password: snoopy
linus:
first_name: "Linus"
last_name: "van Pelt"
email: "[email protected]"
password: pumpkin
lucy:
password: charlie
first_name: "Lucy"
last_name: "van Pelt"
email: "[email protected]"
peppermint:
first_name: "Peppermint"
last_name: "Patty"
email: "[email protected]"
password: peppermint
For each service provider (client) that uses the identity provider, an entry in the service providers section of the config is needed. It has two values:
service_providers:
- name: "local:aem:author"
response_url: "https://localhost:14502/saml_login"
- name is the service provider entity id that the service provider sends with each request.
- response_url is the public url of the service provider. Once login has been completed, the browser will be redirected to this url.
Users is a fairly self explanatory list of user credentials recognized by the IDP:
users:
charlie:
first_name: "Charlie"
last_name: "Brown"
email: "[email protected]"
password: snoopy
roles:
- administrators
- Mock-IDP supports the POST binding protocol of SAML2.0.
- By default mock-idp runs on port 5000 and the binding path is /saml.
- the response message provides four attributes:
- uid: The username
- email: the user email address
- firstName: The users first name
- lastName: The users last name
- The logout path is /saml/logout
To generate a service provider Certificate, run the following commands:
$ openssl genrsa -out saml.pem 2048
$ openssl req -new -key saml.pem -out saml.csr
$ openssl x509 -req -days 365 -in saml.csr -signkey saml.pem -out saml.crt
This will produce three files:
- saml.pem - The private key
- saml.csr - The certificate signing request
- saml.crt - The final certificate
Refer to your service provider documentation on how to install the certificate.
To run the base config just start the service and map port 5000
$ docker run -p 5000:5000 bjornskoglund/mock-idp:0.4.0
Provided you have produced your config file containing service providers and user account information. You can inject into a docker container by the following:
$ docker run -p 5000:5000 -v <absolute path to your config>.yaml:/usr/local/mock-idp/mockidp.yaml bjornskoglund/mock-idp
Copy the cert/cert.pem file into your Service Provider (SP), and be sure that the ISSUER (entity id) provided by the SP matches the name: of the Service Provider in your config.
Install pipenv with pip to handle dependencies
$ pip3 install pipenv
then install environment
$ pipenv install
Run from source:
$ PYTHONPATH=. pipenv run bin/mock-idp
...
All system config is located in mockidp/resources/default_config.yaml.
Mock-IDP has been tested with the following service providers
- Adobe Experience Manager (AEM) 6.2
- Node.js - saml2-js package