Just for the record, I have been able to conduct a full test of my
CAS/SAML using the excellent tool soapUI (http://www.soapui.org/). The
steps that I followed:


How to test SAML 1.1 using SoapUI
=================================

1) Log in and generate a CAS ticket by opening the following URL in a
browser:

https://CAS_DOMAIN:PORT/cas/login?service=http://localhost/foo

2) The browser should now be displaying an error because it should have
been redirected back to the URL http://localhost/foo, which probably does
not exist. What is important, though, is that you will be able to retrieve
the ticket from the URL. Example:

# URL
http://localhost/foo?ticket=ST-3-j6RIZfeaNTxilsFYr3xe-cas

# TICKET
ST-3-j6RIZfeaNTxilsFYr3xe-cas

3) Now, using SoapUI, submit a request to a specified endpoint. The URL
should be:

https://CAS_DOMAIN:PORT/cas/samlValidate?TARGET=http://localhost/foo&ticket=ST-3-j6RIZfeaNTxilsFYr3xe-cas

with the contents:

<SOAP-ENV:Envelope
        xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header/>
        <SOAP-ENV:Body>
                <samlp:Request
                        xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
                        MajorVersion="1" MinorVersion="1"
                        RequestID="_192.168.16.51.1024506224022"
                        IssueInstant="2002-06-19T17:03:44.022Z">
                        <samlp:AssertionArtifact>
                                ST-3-j6RIZfeaNTxilsFYr3xe-cas
                        </samlp:AssertionArtifact>
                </samlp:Request>
        </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

A proper response should look like this:

<SOAP-ENV:Envelope
      xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
   <SOAP-ENV:Header/>
   <SOAP-ENV:Body>
      <Response IssueInstant="2009-03-05T07:14:31.658Z" MajorVersion="1"
            MinorVersion="1" Recipient="http://localhost/foo"
            ResponseID="_51f5500f6321cceebed8973869a76452"
            xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
            xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
            xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <Status>
            <StatusCode Value="samlp:Success"/>
         </Status>
         <Assertion AssertionID="_5854e59aef16cb27c1355c32eab23f0b"
               IssueInstant="2009-03-05T07:14:31.658Z" Issuer="localhost"
               MajorVersion="1" MinorVersion="1"
               xmlns="urn:oasis:names:tc:SAML:1.0:assertion">
            <Conditions NotBefore="2009-03-05T07:14:31.658Z"
                  NotOnOrAfter="2009-03-05T07:15:01.658Z">
               <AudienceRestrictionCondition>
                  <Audience>http://localhost/foo</Audience>
               </AudienceRestrictionCondition>
            </Conditions>
            <AuthenticationStatement
                  AuthenticationInstant="2009-03-05T07:10:17.078Z"
                  AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:unspecified">
               <Subject>
                  <NameIdentifier>juan.huerta</NameIdentifier>
                  <SubjectConfirmation>
                     <ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:artifact</ConfirmationMethod>
                  </SubjectConfirmation>
               </Subject>
            </AuthenticationStatement>
         </Assertion>
      </Response>
   </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

Many thanks to everyone, especially to Marvin and Julien :-)
unai
