FAQ

Q: What is SAML BOX?

SAML BOX is a custom-developed application deployed to help you test your SAML integration. It can act as both an SP and an IDP.

Q: Why did you create this website?

I wanted a test IDP and SP so that I could debug/troubleshoot my SAML integration, but couldn't find any useful ones online. Hence, I developed this website, which could be helpful for others too.

Q: How to use SAML BOX?

First, you will need some understanding of the SAML protocols, and then your own app (either an IDP or an SP) to do SSO with SAML BOX.

Then, go to the Getting Started page to get started.

Q: What is Boston Identity?

Boston Identity is an IAM consulting firm based in Boston, MA. They provide top quality service to Fortune 500 clients.

Q: Who developed this platform?

This platform is developed by Le Deng, who is the co-founder of Boston Identity and a huge fan of Jazz music too.

Q: Are there any good resources to learn SAML, OAuth/OIDC, and other IAM topics?

Working on projects is the best way to learn. For some basic theory, check out some blogs here. Also, learn to use AI.

Q: What is SAML BOX SP or IDP landing page?

When you upload either IDP or SP metadata, a corresponding landing page is created for that entity. It lists the actions available for the entity, which makes it more convenient to manage.

Q: Am I able to view logs if I encounter any issue during SAML SSO?

Q: Who should I contact if I have any question?

Send an email to le.deng@bostonidentity.com

Q: What SAML bindings are supported?

When SAML BOX acts as an SP, you can use either HTTP POST or HTTP Redirect for the SAML Request, for both SSO and SLO. However, SAML BOX only accepts a SAML Response sent over HTTP POST, and this applies to both SSO and SLO.

When SAML BOX acts as an IDP, you can use either HTTP POST or HTTP Redirect for both SSO and SLO for SAML Request.
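
The two request bindings differ in how the SAMLRequest value is encoded: HTTP Redirect carries raw-DEFLATE-compressed, base64-encoded XML in the query string, while HTTP POST carries base64-encoded XML in a form field. The Python helper below is an added example (not SAML BOX code) for decoding a captured value while troubleshooting; the sample request, entity ID and URLs are constructed placeholders.

```python
import base64
import zlib
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample AuthnRequest; the ID, entity ID and URLs are placeholders.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_example123" '
    'Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs">'
    '<saml:Issuer>https://sp.example.test/metadata</saml:Issuer>'
    '</samlp:AuthnRequest>'
)

def encode_redirect(xml: str) -> str:
    """HTTP Redirect binding: raw DEFLATE, then base64 (URL-encoded later)."""
    compressor = zlib.compressobj(wbits=-15)  # -15 = raw DEFLATE, no zlib header
    deflated = compressor.compress(xml.encode("utf-8")) + compressor.flush()
    return base64.b64encode(deflated).decode("ascii")

def encode_post(xml: str) -> str:
    """HTTP POST binding: base64 only, sent as a hidden form field."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")

def redirect_url(sso_url: str, xml: str, relay_state: str = "") -> str:
    """Build the query string an SP would redirect the browser to."""
    params = {"SAMLRequest": encode_redirect(xml)}
    if relay_state:
        params["RelayState"] = relay_state
    return sso_url + "?" + urlencode(params)

def saml_request_from_url(url: str) -> str:
    """Extract the (URL-decoded) SAMLRequest parameter from a captured URL."""
    return parse_qs(urlsplit(url).query)["SAMLRequest"][0]

def decode_saml_message(value: str) -> tuple[str, str]:
    """Return (binding, xml) for a URL-decoded SAMLRequest/SAMLResponse value."""
    raw = base64.b64decode(value, validate=True)
    if raw.lstrip().startswith(b"<"):
        # Plain XML after base64 means the POST encoding was used.
        return "HTTP-POST", raw.decode("utf-8")
    # Heuristic: anything else is treated as raw DEFLATE (Redirect binding).
    return "HTTP-Redirect", zlib.decompress(raw, wbits=-15).decode("utf-8")

if __name__ == "__main__":
    url = redirect_url("https://idp.example.test/sso", SAMPLE_AUTHN_REQUEST, "abc")
    print(decode_saml_message(saml_request_from_url(url)))
```

A value that fails both branches (a base64 or zlib error) usually means it was copied while still URL-encoded or was truncated in transit.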

Q: Is SAML Encryption Supported?

When SAML BOX acts as an SP, a signature is required in the SAML Response even if it's encrypted.

When SAML BOX acts as an IDP, you can turn the encryption on or off.

Q: Is IDP-Init SAML SSO supported?

Yes. When SAML BOX acts as an IDP, IDP-init SSO login can be triggered from the landing page. The URL pattern is https://saml-box.com:8443/realms/master/protocol/saml/clients/{spEntityId}-idp-init

Q: Is SAML Single Logout (SLO) supported?

When SAML BOX acts as an SP, SP-init SLO is supported, and the SLO response from the IDP needs to be signed. It works with HTTP POST.

When SAML BOX acts as an IDP, SP-init SLO is supported with both HTTP POST and HTTP Redirect. You just need to specify the corresponding URLs in the settings.

Q: I don't have a SAML metadata file. Is there any tool to build one?

There are tools out there you can use. Here is one for SP metadata builder, and one for IDP metadata builder.

Q: What AuthenticationContext is supported?

When SAML BOX acts as an SP, Authentication Context is not supported, meaning it won't send any Authentication Context information in the SAML Request.

When SAML BOX acts as an IDP, only 'urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified' is supported for AuthnContextClassRef.