Follow on to discussions around improving the ability to validate independent portions of the system and to address the lack of a "real" SP to test against in a lot of environments.
It was pointed out that a mocked up SP of even primitive form might be useful enough in a lot of cases, and that led to the recognition that, hey, we have a web server, why not host some kind of mocked capability within the IdP itself and just deliver that out of the box with no additional setup?
There are likely multiple tasks that fall out after further study:
- Testing authentication – we now have the capability to place new web flow features behind the IdP's authentication layer, so an obvious "test" is just a flow that comes out of the box requiring authentication and reporting information about the authentication result, possibly in some detail. It could report much more than just a principal name but actually dump the Java Subject's internals, and possibly even include options controlling which authentication flows end up being used, which would help test more advanced configurations.
- Testing profiles – we have a pretty flexible, though very hardwired, mock SP in our Eclipse testbed project that can generate a variety of request types and dump results. If we cleaned that up, we might be able to expose that as a diagnostic tool for exercising real-world behavior. The current testbed SP just dumps results but could be extended to do a bit more such as decryption of responses and possibly some simple parsing of the SAML results into a more readable report.