SAML Forms | Documentation | Total Validator

Documentation > SAML based authentication

With SAML based authentication systems the user gains access to one or more target systems (called a 'Service Provider' or 'SP' for short) by logging in on a different system (called the 'Identity Provider' or 'IdP' for short). So two distinct systems are involved; the SP and the IdP. The usual process is to start on the SP you wish to access, which redirects you to the IdP to log in, which then redirects you back to the SP where you can now access the restricted pages it hosts.

Total Validator can work with such a system, but you need to have a good understanding of the login system being used or you will have little chance of getting it to work, and you may be better off using one of our browser extensions instead.

Note that Total Validator will not test or follow any links on any pages on the IdP. It will just respond to <meta> and HTTP redirects, and look for and execute any matching forms on the pages returned. Also, note that the Total Validator application does not execute any JavaScript, so any processing involved must not rely on JavaScript being executed by a user's browser.

How to configure Total Validator

Before you start we strongly advise that you have worked with our example form first. Although this does not use SAML it will help familiarise you with several potential pitfalls when dealing with login forms.

Total Validator only tests pages with the same hostname as the Start page. This must be a URL pointing to the SP system that will redirect to the IdP login page. You cannot start with the URL of the login page on the IdP. If your system doesn't have such a URL on the SP system then Total Validator cannot work.

In the Include options you will need to specify any log off links on the SP system as you would for a normal login form. Also, you should never set the Follow remote links, the Only follow below or the Depth options, as these will prevent the login process from working properly.

Finally, because Total Validator needs to perform special processing to deal with the redirections and forms involved you must select the SAML option. You will also need to add Form details to match each of the forms involved: Because as well as the form where the user enters their login details, there is often a second form which is automatically posted.