Test SSO
After implementing Single Sign-On using our Quickstart guide, you need to validate your integration for all possible scenarios. We have set up your development environment with two key components to make testing comprehensive and straightforward:
- Identity Provider Simulator: Test all possible Single Sign-On scenarios without requiring external services like Okta or Microsoft Entra ID.
- Test organization: Access a pre-configured organization with an SSO connection to our IdP Simulator and domains like
@example.comor@example.orgfor testing.
To ensure a successful SSO implementation, test all three scenarios described in this guide before deploying to production.
Service provider (SP) initiated SSO Scenario 1
Section titled “Service provider (SP) initiated SSO ”In this common scenario, users start the Single Sign-On process from your application’s login page.
How SP-initiated SSO works
Locating your test organization
Generating an authorization URL
Section titled “Generating an authorization URL”Use the following code to generate an authorization URL with your organization ID (as shown in step 2 of the sequence diagram). See the Authorization URL documentation for more details.
const options = {};options['organizationId'] = 'org_32656XXXXXX0438';
// Generate Authorization Urlconst authorizationURL = scalekit.getAuthorizationUrl(redirectUrl, options);
res.redirect(authorizationUrl);options = {"organizationId": 'org_32656XXXXXX0438'}
# Generate Authorization URLauthorization_url = scalekit.get_authorization_url( redirect_url, options,)
redirect(authorization_url)options.organizationId = "org_32656XXXXXX0438"
// Generate Authorization URLauthorizationURL := scalekitClient.GetAuthorizationUrl( redirectUrl, options,)
// Redirect the user to the Authorization URLoptions.setOrganizationId("org_32656XXXXXX0438");
// Generate Authorization UrlString url = scalekitClient .authentication() .getAuthorizationUrl(redirectUrl, options) .toString();
// Redirect the user to the Authorization URLTesting with the IdP Simulator
Section titled “Testing with the IdP Simulator”- The user will be redirected to the Identity Provider (IdP) Simulator
- Select “User login via SSO” to view the simulation form
- Enter user details to simulate a user signing in via SSO
After entering the user details, your application will receive an idToken indicating successful simulation. The token contains the following details:
Identity Provider (IdP) initiated SSO Scenario 2
Section titled “Identity Provider (IdP) initiated SSO ”In this scenario, users start the sign-in process from the Identity Provider, typically through an applications catalog. This allows users to conveniently access applications available within their organization.
If you haven’t implemented IdP-initiated SSO in your application yet, follow our guide for implementing IdP-initiated SSO before testing this scenario.
Testing IdP-initiated SSO
Section titled “Testing IdP-initiated SSO”- Generate the authorization URL using the Test organization
- Get redirected to the IdP Simulator
- Select “IdP initiated SSO” from the dropdown menu
- Enter test user details to simulate the login
Testing IdP-initiated requests
Section titled “Testing IdP-initiated requests”Implement logic in your callback handler to identify and process IdP-initiated requests from Scalekit. Learn more about implementing IdP-initiated SSO.
For IdP-initiated callbacks, retrieve necessary details (such as connection_id or organization_id) from Scalekit to construct an authorization URL. This effectively converts an IdP-initiated SSO into an SP-initiated SSO.
Error handling Scenario 3
Section titled “Error handling ”Your application should gracefully handle error scenarios to provide a good user experience.
To test error handling:
- Redirect to the authorization URL
- Select the “Error” scenario in the IdP simulator
- Process the error in your callback handler