Collection of Useful SAML Tools

Architecting and deploying SAML-based federation for companies using tools like PingFederate and CA SiteMinder is one of CoreBlox' key services. Since I find myself using the same sites repeatedly during these deployments, I thought it would be useful to jot them down for your enjoyment. There are other sites out there as well, but these few always seem to be on my list:

Update - This was also brought to my attention: SAML Tracer for Firefox

Update 2 - Crissy Stone (below) points out that the XML DOM site lets you verify XML syntax either pasted in or by uploading a file

Since this also comes up, here are the steps I use to create a self-signed certificate with OpenSSL for use with SiteMinder for Federation. The certificate can be used to sign SAML assertions during testing (or I cheat sometimes and use it in production since I can create a certificate with an extended expiration date). I am not an OpenSSL expert, but these steps seem to do the trick (be sure to substitute your desired values):

Generate Private Key and Cert:

> openssl req -x509 -days 3650 -newkey rsa:1024 -keyout saml_key.pem -out saml_cert.pem

Enter PEM Passphrase: password
Verify Passphrase: password
Country: US
State: Massachusetts
Locality: Framingham
Organization Name: CoreBlox
Organizational Unit Name: SiteMinder Team
Common Name: ps.coreblox.com
Email Address: siteminder@coreblox.com

Convert Private Key to PKCS8 DER Encoding:

> openssl pkcs8 -topk8 -inform PEM -outform DER -in saml_key.pem -out saml_key.pkcs8

Enter Passphrase: password
Enter Encryption Password: password
Verify Encryption Password: password

Create SiteMinder Key Database (if you haven't done this already):

> smkeytool.bat -createDB -password password -importDefaultCACerts

Import Certs into Key Database:

> smkeytool.bat -addPrivKey -alias defaultEnterprisePrivateKey  -certfile saml_cert.pem -keyfile saml_key.pkcs8 -password password

Validate certs imported correctly:

> smkeytool.bat -listCerts -alias defaultEnterprisePrivateKey
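A check that can be run on saml_cert.pem and saml_key.pkcs8 before the smkeytool import, added here as an example and not part of the original post: it confirms the PKCS8 key belongs to the certificate, that the key meets a minimum size, and that the certificate has not expired. The function name, the passphrase file (pass.txt) and the 2048-bit default threshold are assumptions of this example; a key generated with rsa:1024 as in the command above is reported as below that threshold.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the certificate and
# PKCS#8 key produced above before importing them with smkeytool.
# Assumptions: the passphrase is read from a file (hypothetical name pass.txt)
# so it does not appear in the process list; MIN_BITS defaults to 2048.
# Return codes: 0 ok, 1 key/cert mismatch, 2 unreadable input,
#               3 key below MIN_BITS, 4 certificate expired.
check_saml_keypair() {
    cert=$1 key=$2 passfile=$3 min_bits=${4:-2048}

    # Public key embedded in the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2

    # Decrypt the DER-encoded PKCS#8 key and derive its public key.
    key_pub=$(openssl pkcs8 -inform DER -in "$key" -passin "file:$passfile" 2>/dev/null |
              openssl pkey -pubout 2>/dev/null) || return 2

    # The private key must belong to the certificate being imported.
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "MISMATCH: $key is not the private key for $cert" >&2
        return 1
    fi

    # Key size as reported by openssl, e.g. "Public-Key: (2048 bit)".
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "WEAK: ${bits:-unknown}-bit key, expected at least $min_bits" >&2
        return 3
    fi

    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "EXPIRED: $cert" >&2
        return 4
    fi

    echo "OK: $bits-bit key matches $cert"
}

# Stand-alone use: sh check.sh saml_cert.pem saml_key.pkcs8 pass.txt
if [ "$#" -ge 3 ]; then check_saml_keypair "$@"; fi
```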

I hope this is helpful.  If you have any tricks or sites you use, please post them in the comments.