Skip to content
English
Contact Support
  • There are no suggestions because the search field is empty.

Testing your SSO Integration

Here are the steps recommended to test your SSO integration.

Testing Your SSO Integration

After you have completed the steps to set up Single Sign-On (and optional Single Logout ) in Foundry and in your service provider, you should run through several different test scenarios to verify that the setup is correct in both your identity provider and in Foundry.

EVERFI has prepared a test case template (available as a Google Sheet) to help you verify that your SSO integration works as intended. Download the test case template here:

EVERFI Foundry SAML SSO SLO Test Cases

How to Use the Template

  • Open the Google Sheet linked above and go to File > Make a copy to make a copy for your own use
  • As you run through the scenarios, use the checkbox in column C (“Passed?”) to indicate which test cases have passed testing
  • If certain scenarios don’t pertain to your specific implementation, then delete those rows or strike them out since you don’t need to test them. For instance, rows 5 through 7 (Test Cases SSO-04, SLO-20, and SLO-21) pertain to optional features (User Provisioning and Single Log-Out, respectively) that you may not have enabled.
  • If you have any testing notes to record, type them into column L (“Testing Notes”)

Testing Tips

  • Before testing SSO, we recommend starting a new browser session and make sure you are fully logged out of your IDP and Foundry.
  • Following on the theme above, to avoid login confusion, we recommend testing SSO in a different browser software than your primary preferred browser. For example, if you normally use Chrome, then test in Firefox.
  • Firefox is handy for testing SAML because of the SAML-tracer browser add-on. If you are comfortable with technical details, then we recommend testing with this add-on because it calls out any SAML messages that help you see the SAML exchanges between your IDP and Foundry. Other browsers have similar plugins and extensions but we happen to like the Firefox version. To use this add-on, install it first. Then, prior to starting SSO, click the add-on link in your browser, which will open a new SAML tracer window. Then run your SSO steps. You will see in SAML-tracer all the various SAML messages logged. Click on any log entry to see more details. Note that if your IDP encrypts responses, you will not be able to see the clear-text SAML response sent from your IDP.
  • If you prefer to test in Google Chrome, we recommend installing the SAML Chrome Panel extension. Install the extension, enable debugger tools (View –> Developer –> Inspect Elements), then view the SAML menu in the developer tools to see the SAML messages.
  • Some of these test cases will not be relevant to your implementation if you do not support certain features, so you can ignore any test cases that don’t apply to your scenarios. For example, you might support only SP-initiated SSO and not IDP-initiated SSO, or vice versa, or you might not support SLO, or you might not support the feature to add new users during SSO.
  • To run Test Cases SSO-03 and SSO-04, you will need to make sure your user doesn’t exist in Foundry. Since your user probably does exist in Foundry, you can temporarily edit the Foundry user and change the SSO ID by putting the letter “x” in front of the User; remember to correct this afterwards. Note that you cannot change the SSO ID of your own user, so you’ll need to get a colleague to do this for you. Alternately, set up a dummy user for testing these cases.
  • Running into issues? Check the SSO Troubleshooting page and the Single Logout page for common setup snags.