SAML2.0 test connection

sagar_latake · July 5, 2022, 1:04pm

Hi Team,
I could able to add SAML2.0 SSO authentication in Java Spring based application & its working fine. While configuring the SAML2.0 at service provider side, I wanted to add one button at the end of configuration, which will test the connection between service provider and IdP. I tried multiple ways to do it but no luck. So Is their any API, particularly used for this functionality? Any pointers regards to this will be appreciated. Thank you.

phi1ipp · July 6, 2022, 10:52pm

What do you want that Test Connection button to do exactly?

sagar_latake · July 7, 2022, 9:11am

Thanks for the reply… In test connection button I wanted to check the initial handshake / connection between IdP and SP. Whether the connection is successful or not. If it’s not successful due to incorrect configuration then user can check the SAML configuration at the same time. Thanks.

phi1ipp · July 7, 2022, 12:07pm

There is no such thing in SAML, b/c SAML assertion is carried by a user browser, only if a user passes IdP authentication process. So maybe you need to re-think your idea

sagar_latake · July 7, 2022, 12:28pm

Thank you so much for the quick reply and suggestion…
If I put it in different way like to check the connection between IdP & SP, if I pass the user credentials to the IdP authentication process then Is that possible to show that xml SAMLResponse as it is to the user without invoking the backend spring security authentication flow? If yes then how it behave if the response is encrypted?
Thank you.
Regards,
Sagar

phi1ipp · July 7, 2022, 1:02pm

To get SAML assertion in XML format, you need to initiate a http request from the browser to a special SAML SSO endpoint on Okta side. You need it to be done in a browser to also send Okta session cookie to the same endpoint, otherwise your user will be asked first to do authentication.

Based on above you can now think one more time if you want to try and mimic that all in your application

sagar_latake · July 7, 2022, 1:17pm

Thanks for the inputs. Yes, previously I tried to hit directly SSO target url using http request from front end only but my application was preventing it. So tried other way. Thank you so much for the suggestion, will re-think on this whether to have this or not.
thanks.