Testing SSO locally

Ryan McCue edited this page Jan 15, 2026 · 3 revisions

Getting an SSO integration set up can be difficult, and it can be hard to work out where problems are occurring, especially when working on the SSO integration code itself.

Often, SSO systems are managed by entities external to the development team, and it can be a daunting experience asking for configuration changes back and forth.

This testing process uses a local Docker image (kenchan0130/simplesamlphp) powered by SimpleSAMLphp to provide a local IdP for testing.

(This process previously used kristophjunge/test-saml-idp; however, this is no longer updated and is not compatible with ARM-based architectures such as modern macOS devices.)

Steps

Run the container

First we run the Docker image, and pass some parameters to introduce our site's SP:

docker run --name=testsamlidp_idp \
-p 8080:8080 \
-e SIMPLESAMLPHP_SP_ENTITY_ID=http://mysite.local/ \
-e SIMPLESAMLPHP_SP_ASSERTION_CONSUMER_SERVICE=http://mysite.local/sso/verify \
-e SIMPLESAMLPHP_SP_SINGLE_LOGOUT_SERVICE=http://mysite.local/sso/logout \
-d --rm kenchan0130/simplesamlphp

Important: The entity ID must have the trailing /, otherwise you'll get an "Unable to locate metadata" error.

Download the metadata file

We need to configure the plugin to use the new IdP configuration. To start this process, download the IdP's metadata XML, which the plugin will be configured with.

The metadata XML can be downloaded from http://localhost:8080/simplesaml/saml2/idp/metadata.php?output=xml (assuming the port configuration as above).

Download this file, and save it locally where our site can read it - such as ABSPATH . '/.private/sso/test.idp.xml'.

Configure wp-simple-saml

Create a new integration plugin (or edit functions.php), and filter the plugin configuration as follows:

// SAML metadata XML file path
add_filter( 'wpsimplesaml_idp_metadata_xml', function(){
	return ABSPATH . '/.private/sso/test.idp.xml';
} );

// Configure attribute mapping between WordPress and SSO IdP
add_filter( 'wpsimplesaml_attribute_mapping', function(){
	return [
		'user_login' => 'uid',
		'user_email' => 'email',
	];
} );

Now you can start testing using the sample static users provided by the Docker image:

  • user1 / password
  • user2 / password

Done? Clean up.

The docker run command in the example uses --rm, so the container is removed automatically once it is stopped, as no state needs to be preserved.

To clean up, stop the container after you're finished, using docker stop testsamlidp_idp.