AuthBroker Example — SAML Identity ProviderAuthBroker Example App

🔐 Example SAML Identity Provider

This is a simulated multi-tenant SAML 2.0 Identity Provider for testing the AuthBroker. Each tenant represents a municipality with its own user directory and signing certificate.

Configured Tenants

Kristianstads Kommun kristianstadPermissive mode

Entity ID	`https://idp.example.local/kristianstad`
SSO URL	https://test-idp.authbroker.digixoil.se/saml/kristianstad/sso
Metadata URL	https://test-idp.authbroker.digixoil.se/saml/kristianstad/metadata
SP Sessions API	https://test-idp.authbroker.digixoil.se/saml/kristianstad/sp-sessions
Strict Settings	https://test-idp.authbroker.digixoil.se/saml/kristianstad/strict-settings \| Export JSON

Strict Mode Policy

Import Allowed Service Provider Metadata

Registered Service Providers for Strict Mode 0

No SP metadata imported yet for strict validation.

User Administration

Full name

Username

Email

Role

Initial password

Personal number

SMS recipient number

User domain

Given name

Surname

Allowed IPs (optional, one per line)

Phone numbers (optional, one per line)

Step-up factors (optional)

Additional claims (optional, one type=value per line)

Enabled

Restrict login to allowed IP list

Test Users 4

Username	Name	Email	Role	Domain	Status	Actions
`albin`	Albin Log	albin.log@mjukvarufabriken.se	user	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) Step-up factors (optional) Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password
`kristianstad.user1`	Kristianstad User1	kristianstad.user1@kristianstad.se	admin	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) Step-up factors (optional) Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password
`kristianstad.user2`	Kristianstad User2	kristianstad.user2@kristianstad.se	handlaggare	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) Step-up factors (optional) Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password
`russlan`	Russlan	russlank@gmail.com	user	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) 0722778508 Step-up factors (optional) email Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password

Users are managed in the editable runtime store via API: /api/example-idp/tenants/kristianstad/users. Passwords are persisted as salted hashes and are never returned by the API.

Active SP Sessions 0

No active SP sessions. Complete an SSO login flow to see sessions appear here.

Tanums Kommun tanumPermissive mode

Entity ID	`https://idp.example.local/tanum`
SSO URL	https://test-idp.authbroker.digixoil.se/saml/tanum/sso
Metadata URL	https://test-idp.authbroker.digixoil.se/saml/tanum/metadata
SP Sessions API	https://test-idp.authbroker.digixoil.se/saml/tanum/sp-sessions
Strict Settings	https://test-idp.authbroker.digixoil.se/saml/tanum/strict-settings \| Export JSON

Strict Mode Policy

Import Allowed Service Provider Metadata

Registered Service Providers for Strict Mode 0

No SP metadata imported yet for strict validation.

User Administration

Full name

Username

Email

Role

Initial password

Personal number

SMS recipient number

User domain

Given name

Surname

Allowed IPs (optional, one per line)

Phone numbers (optional, one per line)

Step-up factors (optional)

Additional claims (optional, one type=value per line)

Enabled

Restrict login to allowed IP list

Test Users 4

Username	Name	Email	Role	Domain	Status	Actions
`albin`	Albin	albin.log@mjukvarufabriken.se	user	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) Step-up factors (optional) Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password
`russlan`	Russlan 2	russlank@gmail.com	user	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) 0722778508 Step-up factors (optional) email Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password
`tanum.user1`	Tanum User1	tanum.user1@tanum.se	admin	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) Step-up factors (optional) Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password
`tanum.user2`	Tanum User2	tanum.user2@tanum.se	handlaggare	-	Enabled	Edit / Reset Password Full name Username Email Role Personal number SMS recipient number User domain Given name Surname Allowed IPs (optional) Phone numbers (optional) Step-up factors (optional) Additional claims (`type=value` per line) Enabled Restrict to allowed IPs New password

Users are managed in the editable runtime store via API: /api/example-idp/tenants/tanum/users. Passwords are persisted as salted hashes and are never returned by the API.

Active SP Sessions 0

No active SP sessions. Complete an SSO login flow to see sessions appear here.

How it works

The consuming application redirects the user to AuthBroker's login endpoint.
AuthBroker creates a SAML AuthnRequest and redirects the browser to this IdP's SSO URL.
This IdP presents a login form. The user enters their test credentials.
The IdP creates a signed SAML Response and auto-POSTs it to AuthBroker's ACS endpoint.
AuthBroker validates the assertion, extracts claims, and redirects the user back to the application.

Strict Mode Guidance

Default mode is permissive for fast local testing on first startup.
Enable strict mode per tenant after importing AuthBroker SP metadata.
In strict mode, invalid or unsigned AuthnRequests are rejected before the login form is shown.

An unhandled error has occurred. Reload 🗙