The IdP server authenticates the user credentials. Which IdP you use is decided outside of OpenEdge, but that choice affects how the PAS for OpenEdge and OpenEdge Authentication Gateway instances are configured. OESECTOOL is a utility designed for test environments only: Security Administrators can use it to simulate a SAML IdP server and test the PAS for OpenEdge and OpenEdge Authentication Gateway configurations before connecting them to the real IdP. Do not use the simulated IdP as a production identity provider.
Note: OESECTOOL requires a separate installation.

For more information on installation, see Install OESECTOOL.

Add users

To use OESECTOOL as the SAML IdP server, perform the following steps:

  1. Edit oesectool/conf/oesectool-saml.properties.
  2. Change the servername and spBaseUrl values.
    servername=hostname
    spBaseUrl=https://hostname:port
    time.props=validUntil,sessionValidUntil
    Note: Replace hostname and port with the host name and port of your PAS for OpenEdge (SP) instance. spBaseUrl is the SP's base URL; every ${spBaseUrl} reference later in the file expands to it.
  3. Add a new user (newuser in the following steps) and make it the default user.
    1. To make newuser the default user, change sectool.user.id to newuser.
      sectool.user.id=newuser
      Note: Replace newuser with your user.
    2. Update sectool.user.ids by adding newuser to the comma-delimited list of valid users.
      sectool.user.ids=idp1,idp2,newuser
      Note: Replace newuser with your user.
    3. Copy the idp1 user section (idp1.name, idp1.authorities, idp1.email, idp1.password) and modify the copy to reflect the newuser details.
      newuser.name=username@domainname.com
      newuser.authorities=DomainAdmin,DomainUser
      newuser.email=username@domainname.com
      newuser.password=password
      Note: Replace newuser, username, domainname, DomainAdmin, DomainUser, and password with your values. The password is stored in clear text in this file, so use a test credential only.
  4. Retain all other values. They control how OESECTOOL simulates the tasks an IdP performs to authenticate the user, validate the request, and exchange tokens with the SP. The userName, userPassword, userAuthorities, and userEmail values resolve, through the nested ${...} references, to the properties of whichever user sectool.user.id names, so you do not edit them directly.
    success=true
    validUntil=now+10h
    sessionValidUntil=now+11h
    audience=/saml2/metadata/oepas1
    goto=${spBaseUrl}/rest/_oepingService/_oeping
    spUrl=${spBaseUrl}/saml2/login/oepas1
    
    userName=${${sectool.user.id}.name}
    userPassword=${${sectool.user.id}.password}
    userAuthorities=${${sectool.user.id}.authorities}
    userEmail=${${sectool.user.id}.email}
    
    sigKeyAlias=defsigkey
    sigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha512
    digestMethod=http://www.w3.org/2001/04/xmlenc#sha512
    #ssos.protocol=urn:oasis:names:tc:SAML:2.0:protocol
    
    binding.sso.location=samlidp/sso
    binding.slo.location=samlidp/slo
    
    logout.Url=${spBaseUrl}/saml2/logout/result
    logout.spIssuer=${spBaseUrl}/saml2/metadata/oepas1
    logout.sigKeyAlias=defsigkey
    
    endpoint.metadata=/samlidp/metadata
    endpoint.token=/samlidp/token
    endpoint.slo=/samlidp/slo
    endpoint.sso=/samlidp/sso
    endpoint.samlheader=/samlidp/samlheader
    endpoint.idpfirst=/samlidp/idpfirst
  5. Save the file.
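Before starting the simulated IdP it is worth checking that the edited file actually resolves to the user and SP you intend, because the user* values are only reached through nested ${...} references and a typo in sectool.user.id or sectool.user.ids fails silently until a login is attempted. The following preflight checker is an added example, not part of OESECTOOL or the OpenEdge documentation. It parses a constructed oesectool-saml.properties (host names, user "alice" and credentials are made up), expands the ${...} references innermost-first (an assumption about how OESECTOOL evaluates them; the page shows only the syntax), converts the now+10h style values listed in time.props to absolute times (also an assumption about the format), and reports the checks from steps 2 and 3 that commonly go wrong.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample of oesectool-saml.properties after steps 1-5, with a
# hypothetical user "alice" added as newuser. Hosts and credentials are made up.
SAMPLE_PROPERTIES = """\
servername=idp-test.example.com
spBaseUrl=https://oepas.example.com:8811
time.props=validUntil,sessionValidUntil

sectool.user.id=newuser
sectool.user.ids=idp1,idp2,newuser

newuser.name=alice@example.com
newuser.authorities=DomainAdmin,DomainUser
newuser.email=alice@example.com
newuser.password=S3cret!

success=true
validUntil=now+10h
sessionValidUntil=now+11h
audience=/saml2/metadata/oepas1
goto=${spBaseUrl}/rest/_oepingService/_oeping
spUrl=${spBaseUrl}/saml2/login/oepas1

userName=${${sectool.user.id}.name}
userPassword=${${sectool.user.id}.password}
userAuthorities=${${sectool.user.id}.authorities}
userEmail=${${sectool.user.id}.email}
#ssos.protocol=urn:oasis:names:tc:SAML:2.0:protocol
"""

_REF = re.compile(r"\$\{([^${}]+)\}")          # an innermost ${name} reference
_REL = re.compile(r"^now([+-])(\d+)([smhd])$")  # now+10h, now-30m, ...
_UNITS = {"s": "seconds", "m": "minutes", "h": "hours", "d": "days"}


def parse_properties(text):
    """Read key=value lines; blank lines and '#' comments are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(props, key, _depth=0):
    """Expand ${...} innermost-first: ${${sectool.user.id}.name} becomes
    ${newuser.name}, then the literal value. Assumption: OESECTOOL evaluates
    the references this way; the documentation shows only the syntax."""
    if key not in props:
        raise ValueError(f"undefined property {key}")
    if _depth > 10:
        raise ValueError(f"reference cycle while resolving {key}")
    value = props[key]
    while (m := _REF.search(value)):
        value = value[:m.start()] + resolve(props, m.group(1), _depth + 1) + value[m.end():]
    return value


def relative_time(spec, now):
    """Turn a time.props value such as now+10h into an absolute datetime.
    Assumption: now+<n><unit> (the form shown on the page) is the only form used."""
    m = _REL.match(spec.strip())
    if not m:
        raise ValueError(f"unsupported time spec: {spec!r}")
    sign, amount, unit = m.groups()
    delta = timedelta(**{_UNITS[unit]: int(amount)})
    return now + delta if sign == "+" else now - delta


def preflight(text, now=None):
    """Return (effective values, problems). A non-empty problems list means the
    simulated IdP would not log in the intended user against the intended SP."""
    props = parse_properties(text)
    now = now or datetime.now(timezone.utc)
    problems, effective = [], {}

    user = props.get("sectool.user.id", "")
    valid_ids = [u.strip() for u in props.get("sectool.user.ids", "").split(",")]
    if user not in valid_ids:                       # step 3.2 forgotten
        problems.append(f"sectool.user.id={user!r} is not listed in sectool.user.ids")
    for field in ("name", "authorities", "email", "password"):
        if f"{user}.{field}" not in props:          # step 3.3 forgotten
            problems.append(f"missing {user}.{field} (copy the idp1 section)")
    if not props.get("spBaseUrl", "").startswith("https://"):   # step 2
        problems.append("spBaseUrl must be the https URL of the PAS for OpenEdge (SP) instance")

    for key in ("userName", "userPassword", "userAuthorities", "userEmail", "goto", "spUrl"):
        try:
            effective[key] = resolve(props, key)
        except ValueError as err:
            problems.append(str(err))
    for key in props.get("time.props", "").split(","):
        key = key.strip()
        if not key:
            continue
        try:
            effective[key] = relative_time(props.get(key, ""), now)
        except ValueError as err:
            problems.append(f"{key}: {err}")
    return effective, problems


if __name__ == "__main__":
    values, issues = preflight(SAMPLE_PROPERTIES)
    for k, v in values.items():
        print(f"{k} = {v}")
    print("problems:", issues or "none")
```

Run it against your real oesectool/conf/oesectool-saml.properties by passing the file contents to preflight(); an empty problems list and a userName that matches the account you expect to log in with is the state you want before running startsamlserver.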

Start a SAML IdP server using OESECTOOL

To start a test SAML IdP server, run the following OESECTOOL command from a proenv prompt, replacing port with the port the simulated IdP should listen on (this is the IdP's own port, not the SP port in spBaseUrl):

proenv>oesectool\bin\oesectool startsamlserver -port port

For more information on identity providers, see Configure the identity provider.

For more information on the OESECTOOL utility, see OESECTOOL.