SAML Mock
The SAML side includes two roles: IdP (issuer) and SP (consumer), which pair together for end-to-end Web Browser SSO demonstration. For terminology and overall explanation, see Mock Overview.
Service URL: https://mock.authn.tech/
IdP — Identity Provider
| Endpoint | Path |
|---|---|
| Metadata | /saml/idp/metadata |
| SSO (Redirect / POST) | /saml/idp/sso |
- Import the Metadata URL to your SP to integrate. SP-initiated: send
AuthnRequestto the SSO endpoint (supports Redirect and POST Binding). - IdP-initiated:
/saml/idp/sso?user=alice&sp=<SP-entityID>&acs=<SP-ACS-URL>. - Issues signed assertions containing
AttributeStatement(email / name, etc.), independently verified signature via industry-standard libraryxml-crypto; self-signed certificate included in Metadata.
SP — Service Provider
| Endpoint | Path |
|---|---|
| Console | /saml/sp/ |
| Metadata | /saml/sp/metadata |
| ACS (POST) | /saml/sp/acs |
Open the console and click to initiate SP-initiated login, displaying signature verification results and assertion parsing.
Want to see it work live? See the real, clickable SAML login demo, running through signature → verification → parsing in one click and displaying results at each step.
Call Sequence (SP-initiated Web Browser SSO)
With "your SP + Mock IdP":
- SP generates
AuthnRequest, redirects the browser (or POSTs) to IdP's/saml/idp/sso. - IdP displays test user selection page (or directly selects per
&user=alice). - IdP generates and signs SAML
Response(containingAssertion), POSTs back to SP's ACS (AssertionConsumerService) address via browser. - SP uses the certificate from IdP Metadata to verify the signature, validates
Audience,NotBefore/NotOnOrAfter,InResponseToconditions, etc. - SP reads
NameIDand attributes from theAssertion, establishes a local session.
AuthnRequest/Responseraw content can be viewed using SAML Encode/Decode and SAML Response Parser; Metadata using SAML Metadata Parser.