MIDAS SAML 2.0 (SSO) Integration: SAML 2.0 Integration Test

To help you configure your MIDAS system (the Service Provider) to integrate with a SAML 2.0 Identity Provider, we provide an easy-to-use test tool.

How do I use the SAML Test tool?

  1. Download our SAML 2.0 Test Tool here.
  2. Upload the tool to the location on your server where your MIDAS system resides, and set its permissions accordingly.
    The SAMLtest.pl file will need to be granted the "Execute" permission (chmod 755). If Perl on your server isn't at /usr/bin/perl, you may also need to edit the first line of SAMLtest.pl (the "#!" line) so that it points at the correct Perl interpreter.
    Don't worry if you're not yet running MIDAS; you can still use this tool. Just upload it to the location on your server where you propose to eventually install/run MIDAS.
  3. Navigate to the tool's URL (the web address of SAMLtest.pl in the directory you uploaded it to) in your web browser.

Screenshot: MIDAS Booking System SAML 2.0 Test Tool

The SAML Test tool has two sections you'll need to populate:

Identity Provider (IdP) Settings

Complete this section with data supplied by your Identity Provider.

Metadata

Paste into this field either the Metadata URL or the raw XML Metadata generated and provided by your Identity Provider. The metadata describes the IdP itself: its entityID, its Single Sign-On endpoint(s) and the certificate it signs responses with. If you use a Metadata URL, it should be an https:// address, since anyone able to alter the metadata in transit could substitute their own signing certificate.

The IdP metadata does not describe the Service Provider. Your Identity Provider must separately be configured (registered) with the Assertion Consumer Service (ACS) URL indicated in the "Service Provider Settings" below; otherwise it will not return the user's browser to the tool after authentication.

Certificate

Paste the public certificate provided by your Identity Provider into this field. This is the IdP's signing certificate (the one published under KeyDescriptor use="signing" in its metadata); it is used to validate the signature on the SAML response, so a response signed with any other key will be rejected. Paste the certificate exactly as your IdP supplies it.
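Before saving the two Identity Provider fields it is worth checking that what you pasted is actually usable IdP metadata, and that the certificate you pasted is the signing certificate that metadata publishes. The following is an added example, not code from MIDAS or its SAML Test tool. It uses only the Python standard library, works on raw XML (fetching a Metadata URL is left to you), and embeds a constructed sample metadata document whose certificate body is a tiny placeholder DER blob rather than a real X.509 certificate; the entityID, endpoint and host names in it are assumptions.

```python
# Added example (not part of MIDAS or its SAML Test tool): sanity-check Identity
# Provider metadata and the pasted signing certificate before saving them.
# Standard library only; raw XML is parsed, nothing is fetched over the network.
import base64
import textwrap
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

# Constructed sample IdP metadata. The certificate body is a placeholder DER
# SEQUENCE (not a real X.509 certificate) so the example stays short and offline.
SAMPLE_IDP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://idp.example.org/saml2/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>
        MAMCAQE=
      </ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://idp.example.org/saml2/idp/SSOService"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://idp.example.org/saml2/idp/SSOService"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed sample of the wrong thing to paste: a Service Provider's own metadata.
SAMPLE_SP_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://midas.example.com/">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://midas.example.com/" index="0"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def normalize_cert(text: str) -> str:
    """Strip PEM armour, indentation and line breaks so certificates copied from
    different places (metadata, IdP console, PEM file) compare as the same bytes."""
    return "".join(l.strip() for l in text.splitlines()
                   if l.strip() and not l.strip().startswith("-----"))


def der_sequence_ok(der: bytes) -> bool:
    """Cheap structural check: a DER certificate is one outer SEQUENCE whose encoded
    length covers exactly the remaining bytes. Catches truncated or mangled pastes."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:
        header, length = 2, der[1]
    else:
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)


def to_pem(b64: str) -> str:
    body = "\n".join(textwrap.wrap(normalize_cert(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def parse_idp_metadata(xml_text: str) -> dict:
    """Return entityID, SingleSignOnService endpoints and signing certificate(s);
    raise ValueError for anything that is not usable IdP metadata."""
    root = ET.fromstring(xml_text)
    entity = root if root.tag == f"{{{NS['md']}}}EntityDescriptor" else root.find(".//md:EntityDescriptor", NS)
    if entity is None:
        raise ValueError("no EntityDescriptor found")
    idp = entity.find("md:IDPSSODescriptor", NS)
    if idp is None:
        if entity.find("md:SPSSODescriptor", NS) is not None:
            raise ValueError("this is Service Provider metadata (SPSSODescriptor); paste the Identity Provider's metadata")
        raise ValueError("no IDPSSODescriptor found")
    sso = {s.get("Binding"): s.get("Location") for s in idp.findall("md:SingleSignOnService", NS)}
    if not sso:
        raise ValueError("IdP metadata lists no SingleSignOnService endpoint")
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # no 'use' = signing and encryption
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            b64 = normalize_cert(c.text or "")
            try:
                der = base64.b64decode(b64, validate=True)
            except ValueError as exc:
                raise ValueError(f"X509Certificate is not valid base64: {exc}") from exc
            if not der_sequence_ok(der):
                raise ValueError("X509Certificate is not a complete DER SEQUENCE (truncated paste?)")
            certs.append(to_pem(b64))
    if not certs:
        raise ValueError("IdP metadata carries no signing certificate")
    return {"entity_id": entity.get("entityID"), "sso_endpoints": sso, "signing_certs_pem": certs}


def metadata_problem(xml_text: str) -> str:
    """'' when the metadata is usable, otherwise the reason it is not."""
    try:
        parse_idp_metadata(xml_text)
    except (ValueError, ET.ParseError) as exc:
        return str(exc)
    return ""


def certificate_matches_metadata(pasted_cert: str, metadata: dict) -> bool:
    """True if the pasted Certificate field value is one of the IdP's published signing certs."""
    return normalize_cert(pasted_cert) in {normalize_cert(p) for p in metadata["signing_certs_pem"]}


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_IDP_METADATA)
    print("entityID:", info["entity_id"])
    for binding, location in info["sso_endpoints"].items():
        print("SSO", binding.rsplit(":", 1)[-1], "->", location)
    print(info["signing_certs_pem"][0], end="")
    print("SP metadata pasted by mistake ->", metadata_problem(SAMPLE_SP_METADATA))
```

A KeyDescriptor with no use attribute is treated as a signing key, as the SAML metadata specification allows; an IdP that only lists use="encryption" keys has published nothing the tool can verify responses with, and the function says so rather than returning an empty list.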

Service Provider (SP) Settings

Assertion Consumer Service (ACS) URL

This is the endpoint on the Service Provider (SP) to which the Identity Provider (IdP) sends the user's browser after successful authentication, carrying the SAML response and its assertion (normally as an HTTP POST). The ACS is where the SP processes and validates the SAML response from the IdP.

When using the SAML Test tool, this should reflect the URL at which the SAML Test tool is accessed.

When using MIDAS, the ACS URL will instead be the URL of your MIDAS system.

Private Key / Certificate

You'll need to generate a Private Key and Public Certificate pair, which will be stored with your MIDAS system. This pair is what MIDAS (the Service Provider) uses to authenticate itself to your SAML 2.0 Identity Provider and to receive data protected for it: the private key signs and decrypts on the MIDAS side, while the certificate (its public half) is given to the IdP so it can verify those signatures and encrypt assertions for MIDAS. Only the certificate is ever shared; the private key must not be given to the IdP or anyone else.

Clicking the "Generate" button will generate a new Private Key / Public Certificate pair. It first attempts to use OpenSSL on your server. If OpenSSL isn't available, the SAML Test tool falls back to having MIDAS servers generate a unique Private Key / Public Certificate pair for you. In that fallback case the private key is created outside your infrastructure and delivered to your server over the network; if your security policy requires keys to be generated locally and never to leave your systems, install OpenSSL or generate the pair manually as described below.

If you don't wish to use the 'Generate' button and instead want to manually generate a Private Key / Public Certificate pair, you can execute the following OpenSSL command:

> openssl req -newkey rsa:2048 -nodes -keyout "sp-private-key.txt" -x509 -days 365 -out "sp-certificate.txt" -subj "/C=US/O=Organization/CN=your.midas.domain" 2>&1

Adjust the values in the -subj argument (C=, O= and CN=) to reflect your Country, Organization Name and MIDAS domain respectively.

This command will generate two files: "sp-private-key.txt" and "sp-certificate.txt". The -nodes option writes the private key unencrypted, which is the form the tool's field expects. Copy and paste the contents of these files into the "Private Key" and "Certificate" Service Provider (SP) fields respectively in the SAML Test tool, then delete the private key file or move it out of any web-accessible directory. Note also that -days 365 produces a certificate valid for one year, after which your Identity Provider will need to be given the renewed certificate.
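The checks a practitioner would run on a manually generated pair before pasting it are shown in the following added example (not MIDAS code, and not part of the SAML Test tool). It wraps the page's OpenSSL command in Python, then confirms the private key and certificate really belong together by comparing the public key derived from each, reads back the subject and expiry, and tells a key from a certificate by its PEM header so the two are never pasted into the wrong fields or the key sent to the IdP. It assumes openssl is on PATH; "midas.example.com" is a placeholder for your MIDAS domain.

```python
# Added example (not part of MIDAS or its SAML Test tool): run the page's OpenSSL
# command from Python, then check the pair before pasting it into the tool.
# "midas.example.com" is a placeholder for your MIDAS domain.
import os
import shutil
import subprocess
import tempfile

PEM_KINDS = (("PRIVATE KEY", "private-key"), ("CERTIFICATE", "certificate"), ("PUBLIC KEY", "public-key"))


def classify_pem(text: str) -> str:
    """Identify a PEM block by its header, so a private key is never pasted into the
    Certificate field or handed to the IdP by mistake. Returns 'private-key',
    'certificate', 'public-key' or 'unknown'."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("-----BEGIN ") and line.endswith("-----"):
            label = line[len("-----BEGIN "):-len("-----")]   # e.g. "RSA PRIVATE KEY"
            for suffix, kind in PEM_KINDS:
                if label.endswith(suffix):
                    return kind
            return "unknown"
    return "unknown"


def openssl_available() -> bool:
    return shutil.which("openssl") is not None


def _openssl(*args: str) -> str:
    """Run one openssl subcommand and return its stdout; raises on non-zero exit."""
    return subprocess.run(["openssl", *args], check=True, capture_output=True, text=True).stdout


def generate_and_verify_sp_keypair(domain: str, country: str = "US",
                                   org: str = "Organization", days: int = 365) -> dict:
    with tempfile.TemporaryDirectory() as tmp:     # key never touches a web directory
        key_path = os.path.join(tmp, "sp-private-key.txt")
        cert_path = os.path.join(tmp, "sp-certificate.txt")
        # Same command as the page; -nodes leaves the key unencrypted, which the
        # paste field needs, so the file is deleted with the temporary directory.
        _openssl("req", "-newkey", "rsa:2048", "-nodes", "-keyout", key_path,
                 "-x509", "-days", str(days), "-out", cert_path,
                 "-subj", f"/C={country}/O={org}/CN={domain}")
        # The public key derived from the private key must be byte-identical to the
        # one embedded in the certificate; if not, the two files are not a pair.
        pub_from_key = _openssl("pkey", "-in", key_path, "-pubout")
        pub_from_cert = _openssl("x509", "-in", cert_path, "-noout", "-pubkey")
        subject = _openssl("x509", "-in", cert_path, "-noout", "-subject").strip()
        not_after = _openssl("x509", "-in", cert_path, "-noout", "-enddate").strip()
        # -checkend N exits 0 if the certificate is still valid N seconds from now.
        still_valid = subprocess.run(
            ["openssl", "x509", "-in", cert_path, "-noout", "-checkend", str(30 * 86400)],
            capture_output=True).returncode == 0
        with open(key_path) as fh:
            key_pem = fh.read()
        with open(cert_path) as fh:
            cert_pem = fh.read()
    return {
        "private_key_pem": key_pem,          # goes into the SP "Private Key" field only
        "certificate_pem": cert_pem,         # goes into the SP "Certificate" field and to the IdP
        "public_keys_match": pub_from_key == pub_from_cert,
        "subject": subject,
        "not_after": not_after,
        "valid_for_30_days": still_valid,
    }


if __name__ == "__main__":
    if not openssl_available():
        raise SystemExit("openssl not found on PATH")
    result = generate_and_verify_sp_keypair("midas.example.com")
    print(result["subject"])
    print(result["not_after"])
    print("key and certificate match:", result["public_keys_match"])
    print("certificate field gets a", classify_pem(result["certificate_pem"]),
          "/ private key field gets a", classify_pem(result["private_key_pem"]))
```

Comparing the two PEM public keys (SubjectPublicKeyInfo) is the portable way to prove the pair matches across OpenSSL versions; comparing RSA moduli works too but only for RSA keys.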

Testing your configuration

Once you have completed the two Identity Provider fields and the two Service Provider fields, click "Save".

The SAML Test tool will save your settings and ask whether you would like to test your configuration.

This will then perform a SAML 2.0 authentication transaction. You may be transferred to your Identity Provider's login screen. After successful authentication (and provided you specified the correct ACS URL in your settings, and the same URL is registered with your Identity Provider), your Identity Provider will return your browser to the SAML Test tool.

The SAML Test tool will then display results of the transaction. A typical successful result will display as: "SUCCESS! Received the user/email: Joe Blogs <[email protected]>". This should reflect your name and email address.

A successful result means that you can now use MIDAS with your Identity Provider to provide users with a seamless single sign-on experience. Before you do, confirm that the name and email address the tool reports are the values MIDAS should see for that user, since they are what the IdP is actually releasing. Then update your configuration to change the ACS URL over from the SAML Test tool to your MIDAS URL, and update the matching registration at your Identity Provider, which will otherwise keep expecting the test tool's URL. Finally, remove SAMLtest.pl and any settings it saved from your server once testing is complete; left in place, it is a web-reachable copy of your SP private key and IdP details.