SAML 2.0 Configuration
TL;DR;
- The SAML Sign-In URL for BadIdP is https://api.badidp.com/saml/sso
- The certificate used for signing assertion responses can be downloaded from https://api.badidp.com/saml/certificate and, if needed, the full IdP metadata can be downloaded from https://api.badidp.com/saml/metadata
- BadIdP will respond adequately to either the HTTP-Redirect or HTTP-POST SAML request protocol bindings
- BadIdP does not verify SAML assertion request signatures, so you may configure your service provider's assertion signing settings however you would like, e.g. assertion signing enabled or disabled, and any request signing algorithm (if applicable), along with any request signing digest algorithm (if applicable)
Integration Parameters
Sign-In URL
You must provide your service provider with the SAML Sign-In URL. The value should be https://api.badidp.com/saml/sso.
Assertion Response Signing Certificate
You likely need to provide your service provider with the certificate that BadIdP uses for signing assertion responses. You can download the certificate from https://api.badidp.com/saml/certificate.
SAML Flow Support
Request Binding | Response Binding | Common Flow Name / Alias | Valid SAML | BadIdP Support |
---|---|---|---|---|
HTTP-Redirect | HTTP-POST (default) | Standard Web SSO | ✅ | ✅ |
HTTP-POST | HTTP-POST (default) | POST → POST | ✅ | ✅ |
HTTP-Artifact | HTTP-Artifact (default) | Artifact Binding | ✅ | ⌛ |
HTTP-Redirect | HTTP-Artifact | Redirect → Artifact | ✅ | ⌛ |
HTTP-POST | HTTP-Artifact | POST → Artifact | ✅ | ⌛ |
HTTP-Artifact | HTTP-POST | Artifact → POST (nonstandard) | ❌ | ⌛ |
HTTP-Redirect | HTTP-Redirect | INVALID | ❌ | ⌛ |
HTTP-POST | HTTP-Redirect | INVALID | ❌ | ⌛ |
HTTP-Artifact | HTTP-Redirect | INVALID | ❌ | ⌛ |
InvalidBinding | HTTP-POST | Invalid Request Binding | ❌ | ⌛ |
HTTP-POST | InvalidBinding | Invalid Response Binding | ❌ | ⌛ |
InvalidBinding | InvalidBinding | Invalid Request & Response | ❌ | ⌛ |
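
The Standard Web SSO row above (HTTP-Redirect request, HTTP-POST response), shown as an added example that is not BadIdP's own code: it builds an unsigned AuthnRequest, which this page says BadIdP accepts, and encodes it for the Sign-In URL using the HTTP-Redirect binding. The service provider entity ID and ACS URL are hypothetical placeholders.

```python
import base64
import datetime
import uuid
import zlib
from urllib.parse import parse_qs, urlencode, urlparse

SSO_URL = "https://api.badidp.com/saml/sso"  # Sign-In URL from this page
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"  # assumed SP value
SP_ACS_URL = "https://sp.example.test/saml/acs"  # assumed SP value


def build_authn_request(request_id=None, issue_instant=None):
    """Return an unsigned AuthnRequest asking for an HTTP-POST response."""
    request_id = request_id or "_" + uuid.uuid4().hex
    issue_instant = issue_instant or datetime.datetime.now(
        datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    return (
        '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{SSO_URL}" '
        'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
        f'AssertionConsumerServiceURL="{SP_ACS_URL}">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
        '</samlp:AuthnRequest>'
    )


def redirect_url(authn_request_xml, relay_state=None):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    compressor = zlib.compressobj(wbits=-15)  # raw DEFLATE, no zlib header
    deflated = compressor.compress(authn_request_xml.encode("utf-8"))
    deflated += compressor.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return SSO_URL + "?" + urlencode(params)


def decode_redirect_url(url):
    """Inverse of redirect_url, for inspecting what the SP actually sent."""
    query = parse_qs(urlparse(url).query)
    deflated = base64.b64decode(query["SAMLRequest"][0])
    xml = zlib.decompress(deflated, wbits=-15).decode("utf-8")
    return xml, query.get("RelayState", [None])[0]


if __name__ == "__main__":
    print(redirect_url(build_authn_request(), relay_state="/dashboard"))
```

`decode_redirect_url` is handy when comparing the request your service provider emits against what you expect it to send.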