
SAML 2 : Does IdP need to be on Public domain


For SAML 1.1 it is necessary for the IdP (Identity Provider) to communicate with the SP (Service Provider); SF docs also mention that the IdP should be on a public domain (not just IP).


However, for SAML 2, which is SP first (SP = Salesforce / SF) in this case, I wanted to have a localhost implementation of SSO server + SAML. Is it practical to consider this testing scenario, since all requests are routed through the browser as per SAML 2.0 afaik?


Someone please shed some light on this... I am having a tough time setting up to test this stuff out.

Best Answer chosen by Admin (Salesforce Developers) 
Scott T.

Yes - a local (private) test IdP works fine.  As you say, since all communication goes via your browser (HTTP Redirect or POST) then as long as your browser can resolve the hostnames, it will work as expected.