Storing persistentId using an HTTP DataConnector

Wed Nov 9 15:32:15 UTC 2022

Hi,   Thanks for your answer.   By "ShibSP" you mean a Shibboleth SP (shibd) and mod_shib enabled ?  If yes, how do you "play" with SAML ?The setup of these two components looks easy, but what to do next ? I am looking for some app (not problem if it's CLI) I could download, as I don't really know where to start if I have to do it from scratch (Python guy here, deprecated Java memories and hello-world level minus in C).   I will have a look to https://samltest.id/ but I prefer some internal stuff first. A "download" link on their homepage would be nice, or something on Docke Hub :-)   Regards

Le 09-Nov-2022 14:25:33 +0100, users at shibboleth.net a crit: 
> Is there some tool a bit like "aacli" but able to mimic some kind of "dummy SP" ? Only sending forged SAML requests and getting the responses, just for debug and learning purpose.

My team uses a small VM with a basic RHEL + apache + TLS + ShibSP installed that we use for testing SP things. I think there's also https://samltest.id/ that some have used, but I haven't. I've used my small VM to build small SAML proof of concepts for golang, node, and whatever things our customers are trying to integrate with SSO.

ShibSP is a very versatile SAML implementation. I recommend it over other implementations. But there are certainly others, like python, perl, and even bash.

- Steve

On 11/9/22, 8:19 AM, "users on behalf of Cantor, Scott via users"  wrote:

> We don't have any SP as far as I know. So I am trying to be ready for
> anything and learing with trial/errors. 

If you didn't have any SPs to worry about, you wouldn't need an IdP. And if you're really starting from scratch, this is not how to do it. Do NOT support things just because. That goes triple for pairwise ID constructs. Stop, undo, get rid of all of it, until you know what you're doing and why.

Deploy what you require, when you're ready to support it.

> Is there some tool a bit like "aacli" but able to mimic some kind of "dummy SP" ? Only sending forged SAML requests and getting the
> responses, just for debug and learning purpose.

There's testshib.

-- Scott

-- 
For Consortium Member technical support, see https://urldefense.com/v3/__https://shibboleth.atlassian.net/wiki/x/ZYEpPw__;!!IBzWLUs!SzyQyvR4f8VotPhHBk5bh_WRkWyQ-0fXVGw-fKP6ZJgB3FVWHTZ9mGSQ7lHfNi8a-wLyHiuaYDJnL_Sg$ 
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

-- 
For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net 

-------------------------------------------------------------------------------------------------
FreeMail powered by mail.fr
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20221109/f4bf92af/attachment.htm>