🔐 Example SAML Identity Provider
This is a simulated multi-tenant SAML 2.0 Identity Provider for testing the AuthBroker. Each tenant represents a municipality with its own user directory and signing certificate.
Configured Tenants
Kristianstads Kommun
kristianstad: Strict mode ON
| Setting | Value |
|---|---|
| Entity ID | https://idp.example.local/kristianstad |
| SSO URL | https://test-idp.authbroker.qreatory.io/saml/kristianstad/sso |
| Metadata URL | https://test-idp.authbroker.qreatory.io/saml/kristianstad/metadata |
| SP Sessions API | https://test-idp.authbroker.qreatory.io/saml/kristianstad/sp-sessions |
| Strict Settings | https://test-idp.authbroker.qreatory.io/saml/kristianstad/strict-settings |
Strict Mode Policy
Registered Service Providers for Strict Mode (1)
| SP Entity ID | Display Name | ACS URLs | SLO URL | Signing Certs | Updated |
|---|---|---|---|---|---|
| https://authbroker.qreatory.io/saml/kristianstad | - | 1 endpoint(s) | https://authbroker.qreatory.io/auth/saml/kristianstad/slo | 1 | 2026-03-11 14:06:41 UTC |
Test Users
| Username | Password | Name | Email | Role |
|---|---|---|---|---|
| kristianstad.user1 | Test1234! | Kristianstad User1 | kristianstad.user1@kristianstad.se | admin |
| kristianstad.user2 | Test1234! | Kristianstad User2 | kristianstad.user2@kristianstad.se | handlaggare |
Active SP Sessions (0)
No active SP sessions. Complete an SSO login flow to see sessions appear here.
Tanums Kommun
tanum: Permissive mode
| Setting | Value |
|---|---|
| Entity ID | https://idp.example.local/tanum |
| SSO URL | https://test-idp.authbroker.qreatory.io/saml/tanum/sso |
| Metadata URL | https://test-idp.authbroker.qreatory.io/saml/tanum/metadata |
| SP Sessions API | https://test-idp.authbroker.qreatory.io/saml/tanum/sp-sessions |
| Strict Settings | https://test-idp.authbroker.qreatory.io/saml/tanum/strict-settings |
Strict Mode Policy
Registered Service Providers for Strict Mode (0)
No SP metadata imported yet for strict validation.
Test Users
| Username | Password | Name | Email | Role |
|---|---|---|---|---|
| tanum.user1 | Test1234! | Tanum User1 | tanum.user1@tanum.se | admin |
| tanum.user2 | Test1234! | Tanum User2 | tanum.user2@tanum.se | handlaggare |
Active SP Sessions (0)
No active SP sessions. Complete an SSO login flow to see sessions appear here.
How it works
- The consuming application redirects the user to AuthBroker's login endpoint.
- AuthBroker creates a SAML AuthnRequest and redirects the browser to this IdP's SSO URL.
- This IdP presents a login form. The user enters their test credentials.
- The IdP creates a signed SAML Response and auto-POSTs it to AuthBroker's ACS endpoint.
- AuthBroker validates the assertion, extracts claims, and redirects the user back to the application.
Strict Mode Guidance
- Default mode is permissive for fast local testing on first startup.
- Enable strict mode per tenant after importing AuthBroker SP metadata.
- In strict mode, invalid or unsigned AuthnRequests are rejected before the login form is shown.
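An added example (not this IdP's or AuthBroker's own code) of the kind of pre-login gate the strict mode guidance describes: it decodes an AuthnRequest and rejects it when the issuer or ACS URL is not in the imported SP metadata, or when no signature is present. The HTTP-Redirect binding, the function names, the ACS URL, the size cap and the behaviour of permissive mode are assumptions; verifying the signature against the registered certificate is left to the caller.

```python
import base64
import zlib
import xml.etree.ElementTree as ET  # production code should parse with defusedxml
from urllib.parse import parse_qs, urlencode

PROTO = "urn:oasis:names:tc:SAML:2.0:protocol"
ASSERT = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 64 * 1024  # assumed cap on the inflated request size

# Allowlist as built from imported SP metadata. The entity ID is the one registered
# for kristianstad on this page; the ACS URL is a constructed placeholder.
REGISTERED_SPS = {"https://authbroker.qreatory.io/saml/kristianstad": {"https://sp.example.test/acs"}}

def precheck(query, strict):
    """Return None if the request passes the pre-login checks, else the rejection reason."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    try:
        data = base64.b64decode(params["SAMLRequest"], validate=True)
        inflater = zlib.decompressobj(wbits=-15)  # Redirect binding uses raw DEFLATE
        xml = inflater.decompress(data, MAX_XML)  # bounded, to stop decompression bombs
        if inflater.unconsumed_tail:
            return "SAMLRequest too large"
        root = ET.fromstring(xml)
    except (KeyError, ValueError, zlib.error, ET.ParseError):
        return "malformed SAMLRequest"
    if root.tag != f"{{{PROTO}}}AuthnRequest":
        return "not an AuthnRequest"
    if not strict:  # assumption: permissive mode skips the allowlist and signature checks
        return None
    issuer = (root.findtext(f"{{{ASSERT}}}Issuer") or "").strip()
    acs_urls = REGISTERED_SPS.get(issuer)
    if acs_urls is None:
        return "issuer is not a registered SP"
    acs = root.get("AssertionConsumerServiceURL")
    if acs is not None and acs not in acs_urls:
        return "ACS URL not registered for this SP"
    if "Signature" not in params or "SigAlg" not in params:
        return "unsigned AuthnRequest"
    return None  # caller must still verify Signature against the SP's registered cert

def sample_query(issuer, acs, signed):  # constructed demo input, Redirect binding
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{PROTO}" xmlns:saml="{ASSERT}" ID="_c1" '
           f'Version="2.0" AssertionConsumerServiceURL="{acs}">'
           f'<saml:Issuer>{issuer}</saml:Issuer></samlp:AuthnRequest>')
    deflater = zlib.compressobj(wbits=-15)
    params = {"SAMLRequest": base64.b64encode(deflater.compress(xml.encode()) + deflater.flush()).decode()}
    if signed:  # placeholder values: presence is checked here, not validity
        params.update(SigAlg="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", Signature="AAAA")
    return urlencode(params)
```

Rejecting on these checks before rendering the login form means an unregistered SP never gets a user to enter credentials in a flow it started.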