Testing SAML Interoperability

From GFIPM Implementation Wiki
Jump to: navigation, search
Main Page

GFIPM implements the SAML Web Single Sign-On Profile. When an IDP and/or SP product is initially deployed, one of the first tests to be performed is the SAML interoperability test. This ensures that the IDP or SP is able to communicate with other SPs or IDPs at the SAML level.

This test is performed after the product has been fully deployed by integrating them into the federation Trust Fabric.

The SAML-interoperability test consists of the following steps:

  1. Protect a resource with your SAML product so it requires Single Sign-On (SSO).
  2. Access that resource to initiate SSO.
  3. The SP should generate an "Authn Request," which is sent to the IDP.
  4. The IDP should process this request, authenticate the user, and generate a SAML response containing a SAML assertion containing GFIPM user attributes.
  5. Verify that the SP can consume the SAML response and extract the GFIPM user attributes from the SAML assertion.

For this test, it is NOT required that the GFIPM user attributes be created from a local user directory, or that they be parsed at the SP. The purpose of the test is simply to verify the SAML level communications process between IDP and SP.

Main Page