KMMR SAML Test
← Back to SAML Test Home

SAML IdP Test | SP Integration, Metadata, and Attribute Checks

Use this public guide when you want to connect to a remote SP and test this environment as a SAML IdP. It covers SP metadata registration, IdP metadata setup, SSO / SLO checks, and fixed-user attribute verification.

Open Test Console Open Metadata

Getting Started

  1. Register the remote SP metadata
  2. Load this environment's IdP metadata into the remote SP
  3. Sign in with a fixed test user and inspect what the remote SP receives

URLs Used On This Page

Metadata
https://idp.samltest.kmmr.jp/metadata/
SSO
https://idp.samltest.kmmr.jp/sso/
SLO
https://idp.samltest.kmmr.jp/slo/

What You Can Do in IdP Testing

  • Register remote SP metadata from pasted XML, a metadata URL, or manual entry.
  • Review this environment's IdP metadata, SSO endpoint, and SLO endpoint directly from the console.
  • Start IdP-initiated login with fixed test users and verify what the remote SP receives.
  • Settings are isolated to the current browser session and can be cleared with Reset.

What To Check On the Remote SP

  • Whether the user is treated as signed in after returning to the ACS URL.
  • Whether expected attributes such as NameID, uid, mail, and displayName are received.
  • Whether multi-value attributes such as affiliation and entitlement are handled without breaking.
  • Whether the SP cleanly reloads IdP metadata after changes or resets.

Fixed Test Users

Three test users with different attribute shapes are available so you can verify how the remote SP handles single-value and multi-value attributes.

basic / basicpass

Returns a standard uid / mail / displayName / ePPN set.

admin / adminpass

Adds multivalue affiliation and entitlement attributes.

minimal / minimalpass

Returns only minimal uid and displayName values.

When To Use This IdP Test Guide

Use this guide when you need to test a SAML-enabled application or validation SP while treating this site as the IdP. It is useful for checking SP metadata, SSO / SLO wiring, and how the SP handles fixed-user attributes.

IdP Test Checklist

  • Collect the remote SP metadata XML, ACS URL, and EntityID.
  • Make sure the remote SP can load this environment's IdP metadata.
  • Choose the fixed test user whose attribute pattern matches your verification goal.
  • Define what the SP should display for NameID, mail, displayName, and multi-value attributes.

Common IdP Test Failure Points

  • The SP ACS URL is wrong, so the IdP sends the response to the wrong place.
  • The SP expects a different NameID format from what the IdP sends.
  • The SP is not prepared for multi-value attributes such as affiliation or entitlement.
  • The SP is still using stale metadata, certificates, or endpoints after a reset or change.

SAML IdP Test FAQ

What can I inspect in IdP testing?

You can inspect SP metadata import, this environment's IdP metadata, SSO / SLO endpoints, fixed-user attribute release, and what the SP receives after login.

Why are there fixed test users?

They make it easier to compare how the SP handles both simple single-value attributes and multi-value attribute sets.

Do I need both EntityID and metadata?

Metadata should be preferred whenever possible because it includes EntityID, ACS, certificates, and other required details in one package.

Where can I confirm the SSO and SLO endpoints?

Both the public guide and the console expose them. When you configure the SP, make sure the host and path are copied exactly.

What should I check on the remote SP?

Check whether the ACS flow completes, whether NameID and required attributes are accepted, and whether multi-value attributes are handled cleanly.

If you found this tool helpful, we’d love for you to share it on social media!


We display ads to support the operation of this site. We understand that it may be inconvenient, but we appreciate your understanding.