
Testing SSO locally

Paul Gibbs edited this page Apr 8, 2019 · 2 revisions

Testing locally

Usually SSO systems are managed by entities external to the development team, and most times - at least in my experience - it has been a daunting experience asking for configuration changes back and forth to be able to test the SSO implementation, especially because SSO SPs (service providers, which is our site in this case) require a single URL to redirect to after authentication succeeds.

Here is where kristophjunge's test-saml-idp docker image comes to relieve some of the pressure, enabling you to test the SSO process with minimal changes required.

Steps:

First, we run the docker image and pass some parameters to introduce our site's SP:

docker run --name=testsamlidp_idp \
-p 8080:8080 \
-p 8443:8443 \
-e SIMPLESAMLPHP_SP_ENTITY_ID=http://mysite.local \
-e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://mysite.local/sso/verify \
-e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=http://mysite.local/sso/logout \
-d --rm kristophjunge/test-saml-idp

Second, we need to configure the plugin, using the filters below, to use the new IdP configuration:

  • In order to do that, we need to copy the IdP metadata XML from our dockerized IdP, which should live at http://localhost:8080/simplesaml/saml2/idp/metadata.php?output=xml (if you used the example above), and save it locally where our site can read it. Let's assume it is under ABSPATH . '/.private/sso/test.idp.xml'.
  • Create a new integration plugin / edit functions.php, and filter the plugin configuration as follows:
// SAML metadata XML file path
add_filter( 'wpsimplesaml_idp_metadata_xml', function(){
	return ABSPATH . '/.private/sso/test.idp.xml';
} );

// Configure attribute mapping between WordPress and SSO IdP
add_filter( 'wpsimplesaml_attribute_mapping', function(){
	return [
		'user_login' => 'uid',
		'user_email' => 'email',
	];
} );
  • Now you can start testing using the sample static users provided by the docker image
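
An added example, not part of the original page or of the plugin: a shell helper for the metadata step above. It downloads the IdP metadata, checks that the response is SAML IdP metadata rather than an error page, and only then moves it into place. `WP_ROOT` is a hypothetical stand-in for `ABSPATH`, and the function names are this example's own.

```sh
#!/bin/sh
# Added example (not part of the plugin or the docker image).
# URL as given on this page for the default port mapping.
IDP_METADATA_URL="http://localhost:8080/simplesaml/saml2/idp/metadata.php?output=xml"

# check_idp_metadata FILE: succeed only if FILE looks like SAML 2.0 IdP metadata.
# A saved HTML error page or an empty download contains none of these elements.
check_idp_metadata() {
    file=$1
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    for needle in EntityDescriptor IDPSSODescriptor SingleSignOnService X509Certificate; do
        grep -q "$needle" "$file" || { echo "no $needle element in $file" >&2; return 1; }
    done
}

# idp_entity_id FILE: print the entityID attribute so it can be compared with
# the IdP you expect to be trusting.
idp_entity_id() {
    sed -n 's/.*entityID="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# fetch_idp_metadata DEST: download to a temp file, validate, then move into
# place, so a failed download never replaces a file the site already reads.
fetch_idp_metadata() {
    dest=$1
    tmp=$(mktemp) || return 1
    if curl -fsS "$IDP_METADATA_URL" -o "$tmp" && check_idp_metadata "$tmp"; then
        mkdir -p "$(dirname "$dest")" || { rm -f "$tmp"; return 1; }
        # mktemp creates the file mode 0600; the metadata holds only public
        # data (endpoints, signing certificate), so let the web server read it.
        chmod 644 "$tmp" && mv "$tmp" "$dest"
        echo "saved metadata for $(idp_entity_id "$dest") to $dest"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Usage, with WP_ROOT standing in for the directory WordPress calls ABSPATH:
#   fetch_idp_metadata "$WP_ROOT/.private/sso/test.idp.xml"
```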

Note: The docker command in the example removes the image automatically once the container is removed, as no state needs to be preserved. You just need to stop the container after you're finished, for the sake of your battery, using docker stop testsamlidp_idp.