Free IDP for development and testing

Aug 14, 2014 at 3:40 PM
@i8beef it looks like you've been without an IDP for a while. I'd love to see this code base keep growing (I really like the improvements that have been made over OIOSAML). Just wanted to let you know that you can get a full featured free IDP here:

http://www.centrify.com/saas/free-saas-single-sign-on.asp

I'm getting ready to use this project to tie my Umbraco site (SP) to the Centrify User Suite (IDP).
Coordinator
Aug 14, 2014 at 11:27 PM
I have indeed (job change). That has made it impossible for me to test changes, which has made me gun-shy about implementing changes as the only maintainer. I'm planning on putting out a small release soon of bug fixes and such, but some of the more ambitious pieces I'd like to do, like creating a code-based configuration option, etc., will need to wait.

This looks really promising... haven't seen whether it is SAML 1.1 or SAML 2 yet, but I may take a look at this, thanks!
Aug 15, 2014 at 5:40 PM
Edited Aug 15, 2014 at 5:40 PM
I used a free account myself for testing this out so I could be an admin on the IdP and work out the kinks. I'm almost ready to take it to my IT guys to setup in our production environment. Thought I'd share a couple pointers while they are fresh in my mind. When you log in there are two faces: admin (aka Cloud Manager) and end user (aka User Portal). From Cloud Manager you can add a Generic SAML app:

http://imgur.com/3psKZt5

The configuration for it includes downloading the IdP metadata file (SAML 2.0) which worked nicely with SAML2 when I dropped it in a ./Config/IDP and updated the config's METADATA to point there. I didn't end up needing to download the cert because it was in the IdP metadata xml, but for other setups like Salesforce and Marketo I've had to do that.

http://imgur.com/fNMwYaf

I did make these changes to the SAML config to work with Centrify's Generic SAML app (omitAssertionSignatureCheck="True" and binding="Post" were the most important):
  <identityProviders metadata="./Config/IDP">
    <add id="http://twamley.umbraco.local" default="True" omitAssertionSignatureCheck="True">
      <endpoints>
        <endpoint type="SignOn" url="https://pod1.centrify.com/run?appkey=..." binding="Post" />
      </endpoints>
    </add>
  </identityProviders>
Finally, you have to "Deploy" the app so end users can use it.

http://imgur.com/caOU8s7

At that point you switch over to User Portal and you can launch an IdP-Initiated (aka Unsolicited SSO) from the app dashboard.

http://imgur.com/r4Xbq7f

Of course then you'll bump into the issue I reported with CheckReplayAttack() shutting you down due to a missing InResponseTo attribute. But it works great out of the box for SP-Initiated SSO.

Thanks for your work on this project!
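The interaction described in the post above (an SP-initiated response carries InResponseTo, an IdP-initiated "unsolicited" one does not, so a replay check keyed on InResponseTo rejects the latter) and the effect of omitAssertionSignatureCheck="True", as an added Python example. This is editorial illustration, not code from this thread or from the SAML2 project. The SamlResponseChecker class, its allow_unsolicited and require_assertion_signature flags, and the constructed samlp:Response documents are assumptions for the demo; the block only checks that a ds:Signature element is present on the assertion and does not verify the signature cryptographically, which a real SP must do against the certificate in the IdP metadata.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 namespaces used by the constructed response documents below.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}


def make_response(in_response_to, assertion_id, signed):
    """Build a constructed (not real) samlp:Response for the demo.

    in_response_to=None models an IdP-initiated (unsolicited) response;
    signed controls whether a ds:Signature element appears on the assertion.
    """
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    sig = ("<ds:Signature><ds:SignatureValue>constructed</ds:SignatureValue>"
           "</ds:Signature>") if signed else ""
    return (
        f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
        f'xmlns:ds="{NS["ds"]}" ID="_resp_{assertion_id}" Version="2.0"{irt}>'
        f'<saml:Assertion ID="{assertion_id}" Version="2.0">{sig}'
        '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
        '</saml:Assertion></samlp:Response>'
    )


class SamlResponseChecker:
    """Gate incoming responses on InResponseTo, assertion replay and signature presence.

    Hypothetical SP-side logic; the flags mirror the thread's config knobs:
    allow_unsolicited         -> accept IdP-initiated SSO (no InResponseTo)
    require_assertion_signature -> False behaves like omitAssertionSignatureCheck="True"
    """

    def __init__(self, allow_unsolicited=False, require_assertion_signature=True):
        self.allow_unsolicited = allow_unsolicited
        self.require_assertion_signature = require_assertion_signature
        self.outstanding = set()      # AuthnRequest IDs this SP issued and has not consumed
        self.seen_assertions = set()  # assertion IDs already accepted (replay cache)

    def register_request(self, request_id):
        """Record the ID of an AuthnRequest the SP just sent (SP-initiated SSO)."""
        self.outstanding.add(request_id)

    def check(self, response_xml):
        root = ET.fromstring(response_xml)
        if root.tag != f"{{{NS['samlp']}}}Response":
            return (False, "not a samlp:Response")

        in_response_to = root.get("InResponseTo")
        if in_response_to is None:
            # Unsolicited SSO: there is no request ID to correlate, so the
            # correlation check is skipped and replay must rely on assertion IDs.
            if not self.allow_unsolicited:
                return (False, "unsolicited response rejected (no InResponseTo)")
        elif in_response_to not in self.outstanding:
            return (False, f"InResponseTo {in_response_to} matches no outstanding request")
        else:
            self.outstanding.discard(in_response_to)  # a request ID is single-use

        assertion = root.find("saml:Assertion", NS)
        if assertion is None:
            return (False, "no plaintext saml:Assertion (EncryptedAssertion not handled here)")
        assertion_id = assertion.get("ID")
        if assertion_id in self.seen_assertions:
            return (False, f"assertion {assertion_id} replayed")
        # Presence check only: a real SP verifies the XML-DSig against the IdP cert.
        if self.require_assertion_signature and assertion.find("ds:Signature", NS) is None:
            return (False, "assertion is not signed")

        self.seen_assertions.add(assertion_id)
        return (True, "accepted")


if __name__ == "__main__":
    sp = SamlResponseChecker(allow_unsolicited=True)
    sp.register_request("_req1")
    print(sp.check(make_response("_req1", "_a1", True)))   # SP-initiated, accepted
    print(sp.check(make_response(None, "_a2", True)))      # IdP-initiated, accepted
    print(sp.check(make_response(None, "_a2", True)))      # same assertion again: replay
```

The point of splitting the two checks is that a replay defence which requires InResponseTo necessarily rejects every IdP-initiated login; for the unsolicited path the replay cache has to key on the assertion ID (and, in a real SP, on the assertion's NotOnOrAfter so the cache can expire). Setting require_assertion_signature=False, like omitAssertionSignatureCheck="True" in the config above, means the assertion itself carries no proof of origin, so the SP is then relying entirely on a signed and verified outer Response; if neither is verified, anyone who can post to the ACS URL can mint a login.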