I'm wondering if there are any publicly available SAML v2 SPs that I can use to test with.

I think Salesforce and Google apps both have an SSO solution which is compatible, but I'm just not sure how to go about getting access (and unclear whether it costs.)

Maybe I should just set up an SP (using OpenSSO or something) on another box? Thanks in advance.

Samling is a serverless SAML IdP for the purpose if testing any SAML SP endpoint. It supports AuthnRequest and LogoutRequest.

It runs solely in the browser to simulate SAML responses returned from a SAML IdP - no registration, no servers, just a browser. You can control many aspects of the response - from success to various failures.

Simply setup the target URL for the SAML IdP to be https://capriza.github.io/samling/samling.html, and you're done. If there is a SAMLRequest query param present on the request, Samling will parse, extract and populate the relevant fields.

If you don't want to use the online version, you can clone the samling repo from https://github.com/capriza/samling and host it yourself - all you will need is a static file server.

(disclosure: Samling was developed by Capriza so we could easily test out various SAML integrations)

Salesforce has a free developer edition you can sign up for at: http://developer.force.com. It will enable you to test with them acting as either a SAML 2.0 SP or IDP. It is quite simple to sign up and use its SAML features for testing purposes.

For Google, they offer free 30 day Google Apps accounts for trial purposes - beyond that you need to pay.

As you say - there are loads others (like PingFederate or OpenAM) that you could either get for free, sign up for a trial for or purchase - if you want something in house.

Shibboleth offer a publicly available SAML v2 SP and IdP; https://www.testshib.org/ Note - works with any SAML IdP/SP, not just shib.

Why not just use SimpleSAMLPHP? It's easy to set up, and can be used as a service provider. Google Apps is also pretty easy to set up as a SAML service provider.

SSOCircle - SAML/OpenID IDP

I can't recommend because I haven't used it, but it sounds promising, so worth trying.

They provide free public users and integration with your own SP and additional features with premium accounts.

You can definitely use miniOrange's SAML SSO with a variety of service providers. I knew nothing about how it all works, and got it setup using their free trial very quickly, as they have nice docs that step you through integrating with a variety of service providers, with Salesforce of course being one of them.

So:

• Sign up for a free trial here
• View their docs on how to integrate.

I don't work for them, I just found it was easy one to setup, and I tried SSOCircle and Salesforce as an IDP before these guys as well. FYI !

Here is how you can use salesforce developer's account to set up your IdP and test it with an example service provider hosted on heroku

STEP 1: Establish a Federation Id For this single sign-on implementation, we’ll set a user attribute that links the user between their Salesforce organization and an external application.

1. From Setup in your salesforce developer's account, enter Users in the Quick Find box, then select Users. Click Edit next to your current user. In the Single Sign On Information section, enter the Federation ID: admin@universalcontainers.com. For this example, we arbitrarily made up a Federation ID. The Federation ID is a unique username for each user that can be shared across multiple applications. Sometimes this is the employee ID for that user. Click Save.

STEP 2: Set up your Identity Provider

1. In a new browser window, go to http://axiomsso.herokuapp.com.
2. Click SAML Identity Provider & Tester. Click Download the Identity Provider Certificate. The certificate validates signatures, and you need to upload it to your Salesforce organization. Remember where you save it.
3. In your Salesforce organization, from Setup, enter Single Sign-On Settings in the Quick Find box, then select Single Sign-On Settings. Click Edit. Select SAML Enabled. Click Save.

4. In SAML Single Sign-On Settings, click New. Enter the following values.

   Name: Axiom Test App 
   Issuer: http://axiomsso.herokuapp.com Identity
   Provider Certificate: Choose the file you downloaded in step 3.
   Request Signing Certificate: Select a certificate. If no 
   certificate is available, leave as Generate self-signed 
   certificate. 
   SAML
   Identity Type: Select Assertion contains the Federation ID from the
   User object. 
   SAML Identity Location: Select Identity is in the
   NameIdentifier element of the Subject statement. 
   Service Provider Initiated Request Binding: Select HTTP Redirect. 
   Entity Id: Enter your My Domain name including “https”, such as
   https://universalcontainers.my.salesforce.com Click Save and leave
   the browser page open.
   

STEP 3: Generate SAML

1. Return to Axiom at http://axiomsso.herokuapp.com. Click generate a SAML response. Enter the following values (other fields can be left blank).

    SAML 2.0
    Username or Federated ID: admin@universalcontainers.com
    Issuer: http://axiomsso.herokuapp.com
    Recipient URL: Get that from the Salesforce SAML Single Sign-On 
    Setting page. (If you didn’t keep that page open, from Setup, 
    enter Single Sign-On Settings in the Quick Find box, then select 
    Single Sign-On Settings, and then click Axiom Test App.) Use the 
    Salesforce Login URL value.