RealMe

RealMe Assertion Messaging Test Site

SAML v2.0 Messaging Test Site for Assertion

The aim of this site is to provide integrators with a sandbox environment in which they can component test sending a SAML v2.0 Request to the RealMe assertion service and receiving a SAML v2.0 response from it. Specifically, the website provides:

  • validation of SAML v2.0 metadata elements for RealMe assertion service
  • the ability to receive a SAML v2.0 AuthnRequest and validate the message content
  • the ability to set the verified identity attributes to be received
  • the generation of a successful SAML v2.0 response
  • the generation of a non-successful SAML v2.0 response.

The RealMe developers website describes the sending of SAML v2.0 messages to and from the RealMe assertion service. The SAML v2.0 messaging is designed to adhere to the base OASIS SAML v2.0 specification. In doing so, it aims to cater for a broad range of SAML v2.0 compliant products.


Messages from the SP to the RealMe Assertion Service

The Messaging Test Site accepts messages entered as either:

  • developer input via a form - this allows for interim diagnosis results to be displayed and continuation via manual entry of SAML v2.0 response options
  • parameters to a Messaging Test Site URL - this allows the automation of message validation and continuation onto the SAML v2.0 exchange.

After a successful validation of the Request, the Messaging Test Site provides an optional continuation into a SAML v2.0 response. This redirects the browser to your SAML v2.0 SP product. For POST binding, the SAML Service Provider (SP) needs to decode the assertion to consume the verified attributes and the Federated Identity Tag (FIT). In your live implementation, it is the responsibility of your SP to record any failure and any error response and present it for fault analysis.
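
The following Python example, added here and not taken from RealMe or any SP product, shows what consuming a POST-binding response involves: base64-decode the SAMLResponse form field, check the status, record a non-successful response for fault analysis, and read the attributes of a successful one. It assumes an unencrypted assertion whose Subject NameID carries the FIT, uses constructed sample messages with placeholder names, and does not verify the XML signature, which your SP product must do before trusting any value.

```python
import base64
import logging
import xml.etree.ElementTree as ET

P = "urn:oasis:names:tc:SAML:2.0:protocol"
A = "urn:oasis:names:tc:SAML:2.0:assertion"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
log = logging.getLogger("sp.saml")

def consume_post_response(saml_response_b64):
    """Decode a POST-binding SAMLResponse field; signature checks are left to the SP product."""
    xml_bytes = base64.b64decode("".join(saml_response_b64.split()), validate=True)
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD content is not allowed in a SAML message")
    root = ET.fromstring(xml_bytes)
    status = root.find(f"{{{P}}}Status")
    if root.tag != f"{{{P}}}Response" or status is None:
        raise ValueError("not a SAML v2.0 Response with a Status element")
    # iter() yields the top-level StatusCode first, then any nested sub-codes
    codes = [c.get("Value") for c in status.iter(f"{{{P}}}StatusCode")]
    result = {"success": codes[:1] == [SUCCESS], "status_codes": codes, "name_id": None,
              "message": status.findtext(f"{{{P}}}StatusMessage"), "attributes": {}}
    if not result["success"]:
        # Record the failure for fault analysis; no assertion is consumed
        log.error("SAML failure %s: %s (request %s)", codes, result["message"], root.get("InResponseTo"))
        return result
    assertion = root.find(f"{{{A}}}Assertion")
    if assertion is None:
        raise ValueError("Success status but no unencrypted Assertion present")
    result["name_id"] = assertion.findtext(f"{{{A}}}Subject/{{{A}}}NameID")
    for attr in assertion.iter(f"{{{A}}}Attribute"):
        values = [v.text or "" for v in attr.iter(f"{{{A}}}AttributeValue")]
        result["attributes"].setdefault(attr.get("Name"), []).extend(values)
    return result

# Constructed sample messages (not real RealMe output); names and values are placeholders
_OK = (f'<samlp:Response xmlns:samlp="{P}" xmlns:saml="{A}" InResponseTo="_req1">'
       f'<samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>'
       '<saml:Assertion><saml:Subject><saml:NameID>FIT-PLACEHOLDER</saml:NameID>'
       '</saml:Subject><saml:AttributeStatement>'
       '<saml:Attribute Name="urn:example:identity"><saml:AttributeValue>'
       'constructed-value</saml:AttributeValue></saml:Attribute>'
       '</saml:AttributeStatement></saml:Assertion></samlp:Response>')
_FAIL = (f'<samlp:Response xmlns:samlp="{P}" InResponseTo="_req1"><samlp:Status>'
         '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Responder">'
         '<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:AuthnFailed"/>'
         '</samlp:StatusCode><samlp:StatusMessage>constructed failure</samlp:StatusMessage>'
         '</samlp:Status></samlp:Response>')
SAMPLE_OK, SAMPLE_FAIL = (base64.b64encode(m.encode()).decode() for m in (_OK, _FAIL))
```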


Core MTS integration steps

  1. Obtain the self-signed SP and IdP certificates from the MTS zip file bundle, which you can download here. Full assertion service integration requires the purchase of CA certificates.
  2. Import the RealMe assertion service SAML v2.0 IdP metadata file from the bundle and create an association with the RealMe assertion service MTS.
  3. Export the SP SAML v2.0 metadata file from your SAML v2.0 component or edit a file based on the sample in the MTS zip bundle. You will need to formulate a RealMe compliant Entity ID for your service.
  4. Configure the Entity ID, upload the SP metadata, and start testing the message exchange using the Request validator and manually entering the verified attributes required in the response.