KMMR SAML Test
SAML Test

SAML Test Environment

Choose SAML SP testing or SAML IdP testing based on the system you want to connect to. Each mode lets you register metadata, run an SSO login flow, and inspect NameID and exchanged attributes during the test.

Start a SAML SP Test

Connect to a remote IdP and use this environment as a SAML service provider. After login, you can inspect the IdP EntityID, NameID, SessionIndex, and returned attributes.

View Guide Open Test Console

Start a SAML IdP Test

Connect to a remote SP and use this environment as a SAML identity provider. Fixed test users help you verify which attributes and multi-value claims the SP receives.

View Guide Open Test Console

URLs

These are the entry URLs for the guide page, SP testing, and IdP testing. When you need metadata or SAML endpoints, open the page for the mode you want to test.

Guide Page
https://samltest.kmmr.jp/en/
SP Test
https://sp.samltest.kmmr.jp/en/
IdP Test
https://idp.samltest.kmmr.jp/en/

What You Can Verify Here

Import Remote Metadata

SP testing supports pasted metadata XML, metadata URLs, XML file uploads, and manual minimum-field registration for remote IdPs.

Tune the AuthnRequest

You can switch Binding, RequestedAuthnContext, ForceAuthn, isPassive, NameIDPolicy, IDPList, Audience, and signed-request behavior before sending the request.

Inspect Results and Diagnostics

SP testing shows NameID, SessionIndex, and returned attributes, plus signature verification and encrypted-assertion decryption results for the SAML Response.

IdP Testing with Fixed Users

IdP testing lets you register remote SP metadata, publish this environment's IdP metadata, and run IdP-initiated logins with fixed test users.

When To Use This Page

Use this page when you first need to decide whether your integration test should treat this environment as the SP or the IdP. It is the best starting point for metadata exchange checks, SSO round trips, and attribute inspection.

SP Testing vs. IdP Testing

Choose SP Testing When

The remote system is an IdP. Your main checks are AuthnRequest behavior, ACS, NameID, SAML Response handling, signature verification, and returned attributes.

Choose IdP Testing When

The remote system is an SP. Your main checks are IdP metadata, SSO / SLO endpoints, fixed-user attribute release, and what the SP receives after login.

Checklist Before You Start

  • Decide whether you are validating the remote side as an SP or as an IdP.
  • Prepare the remote metadata XML or metadata URL.
  • Confirm EntityID, ACS / SSO / SLO endpoints, and whether signing certificates are required.
  • Define the expected NameID and attribute values you want to confirm.

Common SAML Failure Points

  • EntityID mismatches that allow metadata import but break trust during login.
  • Incorrect ACS or SSO URLs that send the browser back to the wrong endpoint.
  • NameID Format or RequestedAuthnContext values that do not match the remote side's expectations.
  • Missing signed AuthnRequest or certificate settings when the IdP or SP requires them.

Start From a More Specific Guide

If you already know the role you need, start with the dedicated public guide for a shorter setup path.

Open the SAML SP test guide Open the SAML IdP test guide

SAML Guides on the Main Site

The main-site docs section also includes focused guides for SP testing, IdP testing, and metadata review.

SAML SP test basics

Review EntityID, ACS, AuthnRequest, and attribute checks for SP-side testing.

SP basics ↗

SAML IdP test basics

Review SSO, SLO, fixed users, and the SP-side checks that matter most.

IdP basics ↗

SAML metadata checklist

Check EntityID, ACS / SSO / SLO endpoints, certificates, and NameID assumptions before testing.

Metadata checklist ↗

SAML Test Environment FAQ

What can this SAML test environment validate?

It validates metadata exchange, SSO login flows, NameID and attribute handling, SLO endpoint visibility, and common AuthnRequest options.

How do I choose between SP testing and IdP testing?

Use SP testing when the remote side is an IdP, and use IdP testing when the remote side is an SP. That decision changes which metadata you exchange and what you should verify.

What is the difference between the public guide pages and the test consoles?

The public guide pages are indexable, shareable documentation pages. The actual metadata registration and login actions happen on the noindex test consoles at sp.samltest.kmmr.jp and idp.samltest.kmmr.jp.

How much attribute data can I inspect?

In SP testing, you can inspect returned attributes, NameID, SessionIndex, signature verification results, and decrypted content when needed.

Can I use this without a metadata URL?

Yes. You can start from pasted XML, file upload, or manual minimum-field entry when a metadata URL is not available.

If you found this tool helpful, we’d love for you to share it on social media!


We display ads to support the operation of this site. We understand that it may be inconvenient, but we appreciate your understanding.