cURL and wget – these tools tend to be of great value when a developer starts programming against a new API. With OAuth, you need to get an access token from one API and query another API for the actual data. Seeing the requests at the command line helps understanding the protocols and errors that might occur.
With SAML things are more complex. The most frequent usage scenarios in SAML assume the use of a browser. SAML messages are often sent through HTTP-POST, mainly because the content can become lengthy. Technically the POSTing of the SAML message to another server is done via auto-posting of a HTML form. Running a SAML SSO flow from the command line imposes challenges, which go beyond the simple use of cURL or wget.
When we first launched our SAML Testing API “SSOCheck”, we also provided a tool, implemented as a Firefox extension, to make running SAML flows leveraging the test API easier. Despite that we constantly receive requests to provide cURL samples which can be used to run tests. Thanks to our user’s suggestions, we have no prepared a tutorial about how to run SAML Tests with cURL from the command line. It is composed of two parts. The first part will create a script to run a SAML browser profile SSO flow. And the second part builds upon the script from part one and adds testing functionality using the SAML test API. Please start reading the tutorial.
[Update: 20/03/2016: Tutorial part II published]