Saml-Tester

Simple utility to generate and validate IDP initiated SAML packet

Installation

  • Clone this repository: https://github.com/avinashpandit/saml-tester.git
  • Make sure node and npm are installed, and that JDK 1.8+ is installed on your system
  • npm install
  • This installs all required dependencies and produces the build, which is then ready to run.

Generate or reuse self-signed certificates and private keys for IDP and SP

  • The following files are already generated and checked into the repository:
    • idp-pub.crt
    • idp-pvt.pem
    • sp-pub.crt
    • sp-pvt.pem
  • Because the repository is public, these private keys are public too: treat them as test fixtures only and never reuse them for a real IDP or SP.
  • You can create your own self-signed certificates with openssl (see https://github.com/tngan/samlify/blob/master/docs/key-generation.md) or through https://www.samltool.com/self_signed_certs.php
  • If you create a password-protected private key, pass the passphrase when the SP or IDP is initialised in index.js
  • Note: if you generate new certificates, update idpmetadata.xml to match. Replace the X509Certificate under the signing KeyDescriptor with the certificate from idp-pub.crt, and the X509Certificate under the encryption KeyDescriptor with the certificate from sp-pub.crt. The X509Certificate value is the base64 body of the .crt file with the BEGIN/END CERTIFICATE lines and the line breaks removed.

Execute

  • npm run test

Sample execution output

  • IDP generated SAML Assertion packet : PHNhbWxwOlJlc3BvbnNlIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iIElEPSJfMzU0NmU3OWYtMTU4ZS00ZWE5LTgyMzgtNThlZWExMGIwYmEzIiBWZXJzaW9uPSIyLjAiIElzc3VlSW5zdGFudD0iMjAyMC0wNi0xNlQyMzowMTowOS40MTFaIiBEZXN0aW5hdGlvbj0idW5kZWZpbmVkIiBJblJlc3BvbnNlVG89InJlcXVlc3RfaWQiPjxzYW1sOklzc3Vlcj5odHRwczovL2lkcC5leGFtcGxlLmNvbS9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI+PHNhbWxwOlN0YXR1cz48c2FtbHA6U3RhdHVzQ29kZSBWYWx1ZT0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnN0YXR1czpTdWNjZXNzIi8+PC9zYW1scDpTdGF0dXM+PHNhbWw6QXNzZXJ0aW9uIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il81OTYxMjExZS1hMThhLTQyN2EtYjNmNi0yNDZjMGI0NGVkOWQiIFZlcnNpb249IjIuMCIgSXNzdWVJbnN0YW50PSIyMDIwLTA2LTE2VDIzOjAxOjA5LjQxMVoiPjxzYW1sOklzc3Vlcj5odHRwczovL2lkcC5leGFtcGxlLmNvbS9tZXRhZGF0YTwvc2FtbDpJc3N1ZXI+PGRzOlNpZ25hdHVyZSB4bWxuczpkcz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzOlNpZ25lZEluZm8+PGRzOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxkc2lnLW1vcmUjcnNhLXNoYTI1NiIvPjxkczpSZWZlcmVuY2UgVVJJPSIjXzU5NjEyMTFlLWExOGEtNDI3YS1iM2Y2LTI0NmMwYjQ0ZWQ5ZCI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRpZ2VzdFZhbHVlPmV3c1BwcTVaSEhNUEZ4bmJIeXdpZXcxYmhTOUxTbkZDY29uRERRdkRlZnM9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+PGRzOlNpZ25hdHVyZVZhbHVlPlg2ajcrVTgzK2QzS2FieVF1SnFmOVhyU2VKTWdxSit4M1haZ3duN1h5WHl3dGdOWGptTHdyUlVuNXNhSkhKZ2dMOS9tWHpxWnBYZlg0L3d6ZWdkZWxCN2Q4eittaEwxbGhNektEcmh4Zjg3MTRyZVZkNHNwcjhmZmJXdmIyR3VIUFVhYz
I0WnI2UEFIbzNuUk9aVXZVTGJML0VtMDVkZ1ArS3d0KzZPMVYxYz08L2RzOlNpZ25hdHVyZVZhbHVlPjxkczpLZXlJbmZvPjxkczpYNTA5RGF0YT48ZHM6WDUwOUNlcnRpZmljYXRlPk1JSUN4RENDQWkyZ0F3SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRMEZBREIvTVFzd0NRWURWUVFHRXdKMGNqRVIKTUE4R0ExVUVDQXdJU1hOMFlXNWlkV3d4SERBYUJnTlZCQW9NRTBGc2RHVnlibUYwYVdaaVlXNXJJRUV1VXk0eApJREFlQmdOVkJBTU1GeW91WVd4MFpYSnVZWFJwWm1KaGJtc3VZMjl0TG5SeU1SQXdEZ1lEVlFRSERBZFRZWEpwCmVXVnlNUXN3Q1FZRFZRUUxEQUpKVkRBZUZ3MHlNREEyTVRVd01qUXlNekphRncweU1UQTJNVFV3TWpReU16SmEKTUg4eEN6QUpCZ05WQkFZVEFuUnlNUkV3RHdZRFZRUUlEQWhKYzNSaGJtSjFiREVjTUJvR0ExVUVDZ3dUUVd4MApaWEp1WVhScFptSmhibXNnUVM1VExqRWdNQjRHQTFVRUF3d1hLaTVoYkhSbGNtNWhkR2xtWW1GdWF5NWpiMjB1CmRISXhFREFPQmdOVkJBY01CMU5oY21sNVpYSXhDekFKQmdOVkJBc01Ba2xVTUlHZk1BMEdDU3FHU0liM0RRRUIKQVFVQUE0R05BRENCaVFLQmdRRG4wSkM3OVhBSVZ2RjM5ZlMzZHo5ek1JTnhrZkpHSjFGOFYvVURkSW5QYnJERQpZYmVNZXZ0NHJVcjhrMXBNdXgxMm5iNitEbDVDVHVJMXJleVhJdUk1SHorOWJ3TnNHK0IyVTdUWGZuYTk0a3l4CnRRWGU3UC83bjVSQ0poUDFwMkJoUDJycWV4djZiSDBaWDhMajZ0ZTJEZERRVXp6OEM2QWpPNlhIUzFjcTF3SUQKQVFBQm8xQXdUakFkQmdOVkhRNEVGZ1FVNEdqdEN5WmhIM2FVbmUrZW9VajJSS0tJalFzd0h3WURWUjBqQkJndwpGb0FVNEdqdEN5WmhIM2FVbmUrZW9VajJSS0tJalFzd0RBWURWUjBUQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCCkFRMEZBQU9CZ1FBWHRqamNPYnhIUmgrRDByaDhoUXRRdDR1NENzRFluR1J4VjM5RXlZS2pqWkM1QXZYWlhhZ1IKUmE3NFNKdERoa3BPTWNPTlFFWUFVdEkxLzRiaUN3UUVqeHJySkRabGdyUDhOekZQOU5wS3UwVmRqNGdXUVhFMQozdWt5eW5ydFNVeUxuc2hjS1BtZFZBKzk1QmE2aithalNERzNuWW9JV0wyVGVqSFJzWnlpaFE9PTwvZHM6WDUwOUNlcnRpZmljYXRlPjwvZHM6WDUwOURhdGE+PC9kczpLZXlJbmZvPjwvZHM6U2lnbmF0dXJlPjxzYW1sOlN1YmplY3Q+PHNhbWw6TmFtZUlEIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6cGVyc2lzdGVudCI+dXNlckBlc2FtbDIuY29tPC9zYW1sOk5hbWVJRD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uIE1ldGhvZD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmNtOmJlYXJlciI+PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGEgTm90T25PckFmdGVyPSIyMDIwLTA2LTE2VDIzOjA2OjA5LjQxMVoiIFJlY2lwaWVudD0idW5kZWZpbmVkIiBJblJlc3BvbnNlVG89InJlcXVlc3RfaWQiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb2
5zIE5vdEJlZm9yZT0iMjAyMC0wNi0xNlQyMzowMTowOS40MTFaIiBOb3RPbk9yQWZ0ZXI9IjIwMjAtMDYtMTZUMjM6MDY6MDkuNDExWiI+PHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT50ZXN0RW50aXR5SUQ8L3NhbWw6QXVkaWVuY2U+PC9zYW1sOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sOkNvbmRpdGlvbnM+PC9zYW1sOkFzc2VydGlvbj48L3NhbWxwOlJlc3BvbnNlPg==

  • SP signature-validated SAML Response (decoded). It is pretty-printed here for readability; the tool emits it as a single line, and since the signature uses exclusive canonicalization any change to whitespace would invalidate the digest. Note that only the Assertion is signed (the Reference URI points at the Assertion ID, not the Response ID), and that Destination, Recipient and InResponseTo carry the placeholder values "undefined" and "request_id" from the test configuration:

```xml
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_3546e79f-158e-4ea9-8238-58eea10b0ba3" Version="2.0" IssueInstant="2020-06-16T23:01:09.411Z" Destination="undefined" InResponseTo="request_id">
  <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_5961211e-a18a-427a-b3f6-246c0b44ed9d" Version="2.0" IssueInstant="2020-06-16T23:01:09.411Z">
    <saml:Issuer>https://idp.example.com/metadata</saml:Issuer>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
        <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <ds:Reference URI="#_5961211e-a18a-427a-b3f6-246c0b44ed9d">
          <ds:Transforms>
            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
          </ds:Transforms>
          <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
          <ds:DigestValue>ewsPpq5ZHHMPFxnbHywiew1bhS9LSnFCconDDQvDefs=</ds:DigestValue>
        </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>X6j7+U83+d3KabyQuJqf9XrSeJMgqJ+x3XZgwn7XyXywtgNXjmLwrRUn5saJHJggL9/mXzqZpXfX4/wzegdelB7d8z+mhL1lhMzKDrhxf8714reVd4spr8ffbWvb2GuHPUac24Zr6PAHo3nROZUvULbL/Em05dgP+Kwt+6O1V1c=</ds:SignatureValue>
      <ds:KeyInfo>
        <ds:X509Data>
          <ds:X509Certificate>MIICxDCCAi2gAwIBAgIBADANBgkqhkiG9w0BAQ0FADB/MQswCQYDVQQGEwJ0cjER
MA8GA1UECAwISXN0YW5idWwxHDAaBgNVBAoME0FsdGVybmF0aWZiYW5rIEEuUy4x
IDAeBgNVBAMMFyouYWx0ZXJuYXRpZmJhbmsuY29tLnRyMRAwDgYDVQQHDAdTYXJp
eWVyMQswCQYDVQQLDAJJVDAeFw0yMDA2MTUwMjQyMzJaFw0yMTA2MTUwMjQyMzJa
MH8xCzAJBgNVBAYTAnRyMREwDwYDVQQIDAhJc3RhbmJ1bDEcMBoGA1UECgwTQWx0
ZXJuYXRpZmJhbmsgQS5TLjEgMB4GA1UEAwwXKi5hbHRlcm5hdGlmYmFuay5jb20u
dHIxEDAOBgNVBAcMB1Nhcml5ZXIxCzAJBgNVBAsMAklUMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQDn0JC79XAIVvF39fS3dz9zMINxkfJGJ1F8V/UDdInPbrDE
YbeMevt4rUr8k1pMux12nb6+Dl5CTuI1reyXIuI5Hz+9bwNsG+B2U7TXfna94kyx
tQXe7P/7n5RCJhP1p2BhP2rqexv6bH0ZX8Lj6te2DdDQUzz8C6AjO6XHS1cq1wID
AQABo1AwTjAdBgNVHQ4EFgQU4GjtCyZhH3aUne+eoUj2RKKIjQswHwYDVR0jBBgw
FoAU4GjtCyZhH3aUne+eoUj2RKKIjQswDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B
AQ0FAAOBgQAXtjjcObxHRh+D0rh8hQtQt4u4CsDYnGRxV39EyYKjjZC5AvXZXagR
Ra74SJtDhkpOMcONQEYAUtI1/4biCwQEjxrrJDZlgrP8NzFP9NpKu0Vdj4gWQXE1
3ukyynrtSUyLnshcKPmdVA+95Ba6j+ajSDG3nYoIWL2TejHRsZyihQ==</ds:X509Certificate>
        </ds:X509Data>
      </ds:KeyInfo>
    </ds:Signature>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">user@esaml2.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2020-06-16T23:06:09.411Z" Recipient="undefined" InResponseTo="request_id"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2020-06-16T23:01:09.411Z" NotOnOrAfter="2020-06-16T23:06:09.411Z">
      <saml:AudienceRestriction>
        <saml:Audience>testEntityID</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>
```