I'm wondering if there are any publicly available SAML v2 SPs that I can use to test with.
I think Salesforce and Google Apps both have an SSO solution which is compatible, but I'm just not sure how to go about getting access (and unclear whether it costs).
Maybe I should just set up an SP (using OpenSSO or something) on another box? Thanks in advance.
Salesforce has a free developer edition you can sign up for at: http://developer.force.com. It will enable you to test with them acting as either a SAML 2.0 SP or IDP. It is quite simple to sign up and use its SAML features for testing purposes.
For Google, they offer free 30-day Google Apps accounts for trial purposes - beyond that you need to pay.
As you say - there are loads of others (like PingFederate or OpenAM) that you could either get for free, sign up for a trial of, or purchase - if you want something in-house.
Why not just use SimpleSAMLphp? It's easy to set up, and can be used as a service provider. Google Apps is also pretty easy to set up as a SAML service provider.
Shibboleth offers a publicly available SAML v2 SP and IdP: https://www.testshib.org/ Note - works with any SAML IdP/SP, not just Shib.
SSOCircle - SAML/OpenID IDP
I can't recommend because I haven't used it, but it sounds promising, so worth trying.
They provide free public users and integration with your own SP and additional features with premium accounts.
You can definitely use miniOrange's SAML SSO with a variety of service providers. I knew nothing about how it all works, and got it set up using their free trial very quickly, as they have nice docs that step you through integrating with a variety of service providers, with Salesforce of course being one of them.
So:
I don't work for them, I just found it was an easy one to set up, and I tried SSOCircle and Salesforce as an IDP before these guys as well. FYI!
Here is how you can use a Salesforce developer account to set up your IdP and test it with an example service provider hosted on Heroku.
STEP 1: Establish a Federation Id
For this single sign-on implementation, we’ll set a user attribute that links the user between their Salesforce organization and an external application.
STEP 2: Set up your Identity Provider
In SAML Single Sign-On Settings, click New. Enter the following values.
STEP 3: Generate SAML
Return to Axiom at http://axiomsso.herokuapp.com. Click generate a SAML response. Enter the following values (other fields can be left blank).