The SAML IDP Simulator is a modern Identity Provider emulator tailored for Check Point environments (Harmony, Quantum, CloudGuard, SASE). It provides a production-grade SAML SSO experience for:
- Security PoCs
- Workshops and demos
- Integration testing
✨ Featuring a full-featured web admin portal, dynamic attribute mapping, and realistic SAML flows, it's your best tool for simulating enterprise SAML logins.
- 🔐 SP-Initiated SSO using signed SAML Response + Assertion
- 🧩 Dynamic Attribute Mapping via admin UI (claim → user field)
- 👤 User Management with modal-based edit/create/delete
- 🧪 Multi-SP Support with isolated configuration per SP
- 🔑 X.509 Dual Signature support
- 🕸️ Web Login Flow simulates realistic browser-based authentication
- 📁 One-click Metadata / Certificate Download
- ⚙️ Admin Portal for easy control and visibility
sequenceDiagram
participant SP as Service Provider (Check Point)
participant Browser as User Browser
participant IdP as Identity Provider (Simulator)
Note over SP,Browser: SP-Initiated SSO
SP->>+Browser: Redirect with AuthnRequest (Base64, POST)
Browser->>+IdP: Send AuthnRequest to /sso
IdP->>Browser: Login Page HTML
Browser->>IdP: POST credentials
IdP->>IdP: Validate credentials, fetch SP config
IdP->>IdP: Generate SAML Assertion + Response
IdP->>Browser: HTML Form with auto-submit to ACS URL
Browser->>SP: POST SAMLResponse + RelayState
SP->>SP: Validate signatures, parse Assertion
SP-->>Browser: Authenticated session or portal
- Configure your Check Point and add a new Identity Provider Object
- Trigger login from SmartConsole / Portal
- The simulator receives and parses the AuthnRequest
- User logs in via the web interface
- A signed SAML Response + Assertion is generated and POSTed back
- Check Point logs the user in ✅
- Python 3.8+
- Flask
- signxml, lxml, flask-wtf, flask-limiter
- All dependencies:
pip install -r requirements.txt
# Clone the repo
git clone https://github.com/alshawwaf/SAML-IDP-Simulator.git
cd SAML-IDP-Simulator
# Install dependencies
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
# Run
python run.pydocker build -t saml-idp-simulator .
docker run -p 5000:5000 \
-e CERT_PATH=/app/certs/idp-cert.pem \
-e KEY_PATH=/app/certs/idp-key.pem \
saml-idp-simulatorSet ENABLE_SSL=false to run without HTTPS (useful behind a reverse proxy):
docker run -p 5000:5000 -e ENABLE_SSL=false saml-idp-simulatorADMIN_USERNAME="admin"
ADMIN_PASSWORD="Vpn123!"
SECRET_KEY="Super-very-secret-key"
IDP_HOST="localhost"
IDP_PORT="5000"
DEFAULT_SP_ENTITY_ID="https://your-sp.example.com/acs/id/..."
DEFAULT_SP_ACS_URL="https://your-sp.example.com/acs/sso"
SSO_SERVICE_URL="https://localhost:5000/sso"
FLASK_DEBUG=1🧭 Navigate to
https://localhost:5000/admin
- Add/edit SPs with:
- Name, Entity ID, ACS URL
- Claim-to-user-field mapping
- Configure multiple SPs independently
- Add/edit/delete users
- Auto-populated field mappings
- Password hashing included
| Endpoint | Description |
|---|---|
/sso |
Handles incoming AuthnRequest |
/login |
Login form |
/logout |
Logs the user out |
/metadata |
SAML metadata XML |
/download-cert |
Public certificate download |
/admin |
Admin UI |
-
In SmartConsole:
- Create an Identity Provider object
- Set ACS URL and Entity ID
- Upload metadata or public certificate
-
In the Simulator:
- Add SP config via admin UI
- Ensure ACS/Entity ID matches
- Start login from SmartConsole → simulate SSO
✅ Ensure the user exists in both systems.
Licensed under the MIT License
Feel free to fork, improve, and submit PRs!
Created by @alshawwaf for internal Check Point use, PoC enablement, and community SAML simulation.