Table of Contents
← Hide Table of Contents
SAML 2.0 Integration Test
SAML 2.0 Integration TestHow do I use the SAML Test tool?
- Download our SAML 2.0 Test Tool here.
- Upload the tool to the location on your server where MIDAS system resides, and set its permissions accordingly. The SAMLtest.pl file will need to be granted the "Execute" permission (CHMOD 755). Also, if the location of Perl on your server isn't
/usr/bin/perlyou may need to edit the first line of the SAMLtest.pl file to reflect the correct location of PerlDon't worry if you're not yet running MIDAS, you can still use this tool - just upload it to the location on your server where you propose to eventually install/run MIDAS - Navigate to the corresponding URL in your web browser.
Identity Provider (IdP) Settings
Complete this section with data supplied by your Identity Provider.Metadata
Paste into this field either the Metadata URL or the raw XML Metadata generated and provided by your Identity Provider.The Metadata should include the Assertion Consumer Service (ACS) URL indicated in the "Service Provider Settings" below.
Certificate
Paste the public certificate provided by your Identity Provider into this field.Service Provider (SP) Settings
Assertion Consumer Service (ACS) URL
This is the specific endpoint on the Service Provider (SP) where the Identity Provider (IdP) redirects the user's browser after successful authentication, along with the SAML assertion. The ACS is essentially the location where the SP processes and validates the SAML response from the IdP.When using the SAML Test tool, this should reflect the URL at which the SAML Test tool is accessed.
When using MIDAS, the ACS url will instead be the URL of your MIDAS system.
Private Key / Certificate
You'll need to generate a Private Key and Public Certificate pair, which will be stored with your MIDAS system. This is subsequently used to encrypt and authenticate data between MIDAS (the Service Provider) and your SAML 2.0 Identity Provider.Clicking the "Generate" button will generate a new Private Key / Public Certificate pair. This will attempt to automatically use OpenSSL on your server in the first instance. If OpenSSL isn't available on your server, the SAML Test tool will fallback to using MIDAS servers to generate a unique Private Key / Public Certificate pair for you.
If you don't wish to use the 'Generate' button and instead want to manually generate a Private Key / Public Certificate pair, you can execute the following OpenSSL command:
> openssl req -newkey rsa:2048 -nodes -keyout "sp-private-key.txt" -x509 -days 365 -out "sp-certificate.txt" -subj "/C=US/O=Organization/CN=your.midas.domain" 2>&1
Adjust the parts shown in blue in the above command to reflect your Country, Organization Name, and MIDAS domain respectively.
This command will generate two files; "sp-private-key.txt" and "sp-certificate.txt". The contents of these files can then be manually copied and pasted into the "Private Key" and "Certificate" Server Provider (SP) fields accordingly in the SAML Test tool.
Testing your configuration
Once you have completed the two Identity Provider fields and the two Service Provider fields, click "Save".The SAML Test tool will save your settings and ask whether you would like to test your configuration.
This will then perform a SAML 2.0 authentication transaction. You may be transferred to your Identity Provider's login screen. After successful authentication (and provided you specified the correct ACS url in your settings), your Identity Provider will redirect your browser back to the SAML Test tool.
The SAML Test tool will then display results of the transaction. A typical successful result will display as: "SUCCESS! Received the user/email: Joe Blogs <[email protected]>". This should reflect your name and email address.
A successful result means that you can now use MIDAS with your Identity Provider to provide users with a seamless single sign-on experience. All you'll need to do is update your configuration to change the ACS url over from the SAML Test tool to your MIDAS URL.