As a Service Provider (SP) I have written a node.js service to processes SAML2.0 Assertions. I would now like to test this code.
I am aware that I can use various cloud-based services to act as my test Identity Provider (IdP) however these require that my new, untested SP end-points be made public.
Currently I am simply POSTing a hand-crafted SAML2.0 Assertion to my SP end-point but I want a more realistic test, especially the ability to test SP initiated SSO.
Therefore I believe I need to have a local IdP running on my development machine so I can, for now, keep all my testing local and sand-boxed.
Can you recommend a way forward for me?
There is an open Idp that will reply to any AuthnRequest available for free at https://stubidp.sustainsys.com. It will allow you to set the Subject NameId you want in a simple form and then reply back to the SP. If you want to set up your own instance, the source of the stubidp is available at https://github.com/Sustainsys/Saml2.
Disclosure notice: I'm the author of the stubidp, but I won't make any money out of anyone using it, it's provided entirely as a free service.