2014-07-28 12:38:54 -05:00

SAML Response Generator

This is a small utility program that makes it easy to generate SAML responses for testing.

Creating Private and Public Keys for Testing

You will need to generate a private and public key pair to sign the SAML assertions the tool produces. The following steps create the keys:

#create the keypair
openssl req -new -x509 -days 3652 -nodes -out saml.crt -keyout saml.pem

#convert the private key to pkcs8 format
openssl pkcs8 -topk8 -inform PEM -outform DER -in saml.pem -out saml.pkcs8 -nocrypt

Command line tool

You will need to build the jar file before using the command line tool: cd to saml-tutorial and run 'mvn package' to create a jar file called 'saml-generator-1.0.jar'. This jar file is used to create SAML assertions.


java -jar saml-generator-1.0.jar [-domain ] [-issuer ] [-privateKey ] [-publicKey ] [-roles ] [-email ] [-samlAssertionExpirationDays ] [-subject ]

-issuer: The URI of the issuer for the SAML assertion.

-subject: The username of the federated user.

-domain: The domain ID for the federated user.

-roles: A comma-separated list of role names for the federated user.

-email: The email address of the federated user.

-publicKey: The path to the public key used to decrypt assertions.

-privateKey: The path to the private key used to sign assertions.

-samlAssertionExpirationDays: How many days before the assertion is no longer valid.


java -jar saml-generator-1.0.jar -domain 7719 -issuer '' -privateKey saml.pkcs8 -publicKey saml.crt -roles 'role1' -samlAssertionExpirationDays 5 -subject samlUser1


<?xml version="1.0" encoding="UTF-8"?>
<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:xs="http://www.w3.org/2001/XMLSchema" ID="e1af8c40-8b45-4f25-a8c5-fd99df001c0e" IssueInstant="2014-06-17T20:47:33.381Z" Version="2.0">
  <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"></saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:CanonicalizationMethod Algorithm=""/>
      <ds:SignatureMethod Algorithm=""/>
      <ds:Reference URI="#e1af8c40-8b45-4f25-a8c5-fd99df001c0e">
          <ds:Transform Algorithm=""/>
          <ds:Transform Algorithm="">
            <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="xs"/>
        <ds:DigestMethod Algorithm=""/>
    <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="4ee2be6a-8075-40a2-ba89-cf0991880af2" IssueInstant="2014-06-17T20:47:33.379Z" Version="2.0">
      <saml2:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent">samlUser</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml2:SubjectConfirmationData NotOnOrAfter="2014-06-22T20:47:33.373Z"/>
    <saml2:AuthnStatement AuthnInstant="2014-06-17T20:47:31.963Z">
      <saml2:Attribute Name="roles">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">role1</saml2:AttributeValue>
      <saml2:Attribute Name="domain">
        <saml2:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">14309</saml2:AttributeValue>
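A response like the one above is only useful for testing if the consuming side actually checks it. The following is an added example, not code from saml-generator, showing the structural checks a relying party runs on such a Response: issuer, signature Reference pointing at the Response ID, Success status, the NotOnOrAfter expiry set by -samlAssertionExpirationDays, and the roles/domain attributes. The embedded sample and the issuer URL https://idp.example.test are constructed; cryptographic verification of the signature is deliberately left to an XML-DSig library.

```python
# Added example (not part of saml-generator): structural checks a relying party
# runs on a generated Response. Stdlib only; the XML signature itself is NOT
# verified here (use an XML-DSig library such as signxml for that).
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
# Constructed sample, trimmed from the generator's output above (no signature body).
SAMPLE = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="e1af8c40-8b45-4f25-a8c5-fd99df001c0e" Version="2.0">
<saml2:Issuer>https://idp.example.test</saml2:Issuer>
<ds:Signature><ds:SignedInfo><ds:Reference URI="#e1af8c40-8b45-4f25-a8c5-fd99df001c0e"/></ds:SignedInfo></ds:Signature>
<saml2p:Status><saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></saml2p:Status>
<saml2:Assertion ID="4ee2be6a-8075-40a2-ba89-cf0991880af2" Version="2.0">
<saml2:Subject><saml2:NameID>samlUser1</saml2:NameID><saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml2:SubjectConfirmationData NotOnOrAfter="2014-06-22T20:47:33.373Z"/></saml2:SubjectConfirmation></saml2:Subject>
<saml2:AttributeStatement><saml2:Attribute Name="roles"><saml2:AttributeValue>role1</saml2:AttributeValue></saml2:Attribute>
<saml2:Attribute Name="domain"><saml2:AttributeValue>7719</saml2:AttributeValue></saml2:Attribute></saml2:AttributeStatement>
</saml2:Assertion></saml2p:Response>"""
def parse_ts(s):
    """Parse the generator's UTC timestamps, e.g. 2014-06-22T20:47:33.373Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
def check_response(xml_text, now, expected_issuer):
    """Return (problems, claims); problems is empty when every check passes."""
    root = ET.fromstring(xml_text)
    problems = []
    if root.findtext("saml2:Issuer", namespaces=NS) != expected_issuer:
        problems.append("unexpected issuer")
    # The signed Reference must point at this Response's own ID, else the signature covers something else.
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if ref is None or ref.get("URI") != "#" + root.get("ID", ""):
        problems.append("signature Reference does not cover the Response ID")
    code = root.find("saml2p:Status/saml2p:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        problems.append("status is not Success")
    assertion = root.find("saml2:Assertion", NS)
    if assertion is None:
        return problems + ["no Assertion present"], {}
    scd = assertion.find("saml2:Subject/saml2:SubjectConfirmation/saml2:SubjectConfirmationData", NS)
    # NotOnOrAfter is exclusive: the assertion is already invalid at that exact instant.
    if scd is None or parse_ts(now) >= parse_ts(scd.get("NotOnOrAfter")):
        problems.append("assertion missing expiry or expired")
    claims = {"subject": assertion.findtext("saml2:Subject/saml2:NameID", namespaces=NS)}
    for attr in assertion.findall("saml2:AttributeStatement/saml2:Attribute", NS):
        values = [v.text for v in attr.findall("saml2:AttributeValue", NS)]
        claims[attr.get("Name")] = values if attr.get("Name") == "roles" else values[0]
    return problems, claims
```

Run check_response(SAMPLE, "2014-06-18T00:00:00.000Z", "https://idp.example.test") to see a clean result; moving the clock past NotOnOrAfter or changing the expected issuer makes the corresponding problem appear.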