SAML-Toolkits / python3-saml


[Question] How can I verify idp-sp connection before response received? #308

Closed sayginify closed 1 year ago

sayginify commented 2 years ago

I have a successful scenario handling the flow:

1. User enters target_url, entity_id, certificate information to enable SSO.
2. SP registers this data.
3. End user comes to service provider and tries to log in with SSO.
4. auth.login is called regarding the previously entered info.
5. acs_url receives response and redirects to dashboard page.

What I'm trying to achieve is checking if target_url, entity_id and certificate are somehow valid. Once the user enters this data, there are major account setting updates. I would like to see if everything will work fine beforehand.

OneLogin_Saml2_Settings only checks if url is actually a url. OneLogin_Saml2_Auth initializes, and auth.is_authenticated() always returns false unless doing some response processing. So I would like to do this check at step 2.

How can I?

pitbulk commented 1 year ago

You can't validate the whole process as you don't have credentials on the IdP so you never can execute a valid SAML SSO process.

All you can do is to try to validate the data, which is done by OneLogin_Saml2_Settings when the object is initialized.
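
An added example, not part of the thread and not python3-saml code: a standard-library pre-flight check an SP could run at step 2 on the three values the admin enters, before saving them. The function names, error codes and sample values are hypothetical, and the certificate test is structural only (it does not check expiry or prove that a real SSO round trip will succeed).

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

PEM_NOISE = re.compile(r"-----(BEGIN|END) CERTIFICATE-----|\s+")
# Constructed input: a minimal DER SEQUENCE-in-SEQUENCE, not a real certificate.
SAMPLE_CERT = base64.b64encode(bytes.fromhex("30053003020102")).decode()

def _der_len(buf, pos):
    """Decode the DER length starting at pos; return (length, value_offset)."""
    first = buf[pos]
    if first < 0x80:                      # short form: one length byte
        return first, pos + 1
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or pos + 1 + n > len(buf):
        raise ValueError("bad DER length")
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def cert_errors(cert_text):
    """Accept PEM or bare base64; require one DER SEQUENCE wrapping another."""
    body = PEM_NOISE.sub("", cert_text or "")
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return ["idp_cert_not_base64"]
    try:
        if len(der) < 4 or der[0] != 0x30:
            raise ValueError("outer tag is not SEQUENCE")
        length, start = _der_len(der, 1)
        # Outer length must cover the whole blob; first child must be a SEQUENCE.
        if start + length != len(der) or der[start] != 0x30:
            raise ValueError("truncated or trailing data")
    except (ValueError, IndexError):
        return ["idp_cert_not_der_certificate"]
    return []

def preflight_idp(entity_id, sso_url, cert_text):
    """Return a list of hypothetical error codes; an empty list means 'looks sane'."""
    errors = []
    if not (entity_id or "").strip():
        errors.append("idp_entity_id_missing")
    try:
        url = urlsplit(sso_url or "")
        url_ok = url.scheme == "https" and bool(url.hostname)
    except ValueError:                    # e.g. malformed IPv6 literal
        url_ok = False
    if not url_ok:
        errors.append("idp_sso_url_not_https")
    return errors + cert_errors(cert_text)
```
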