Connecting Sandbox IDP

Instructions on how to connect the Sandbox IDP to Authorization Control Plane (ACP) and how to enrich users' mock data.

About Sandbox IDPs

Sandbox IDP is a static IDP that lets you test ACP features without configuring a connection to your identity provider. It allows you to create and define mock users, which is useful for testing or building proofs of concept. You can add a Sandbox IDP at the workspace level. You can also enrich the user's authentication context by using the ACP Update Static IDP API.

Note

A workspace can have exactly one Sandbox IDP or external datastore IDP enabled at a time, but you can create more of them. Enabling one of the IDPs disables the one that was enabled until then.

Enabling static IDPs

A Sandbox IDP can be created and connected in two ways:

  • During workspace creation, where you are led through all of the necessary steps

    Creating Sandbox IDP during the workspace creation process

  • After a workspace has been created

Create a Sandbox IDP

  1. Go to Workspace > Identities.

  2. Select CREATE IDENTITY.

  3. Select Sandbox IDP.

  4. Fill in the necessary fields and provide mock users.

    Tip

    You can enable the authentication context caching if you wish to store the user’s authentication context locally. Learn more by reading the stateful authorization with ACP documentation.

    Example

    Creating a Sandbox IDP example

  5. Select Save.

    Result

    Your Sandbox IDP is created and visible in Identities.

About enriching mock users' authentication context

In ACP, you can enrich your mock users' authentication context by using the ACP Update Static IDP API.

Prerequisites

  1. You have created a Sandbox IDP.

  2. You have created authentication context attributes for your IDP.

  3. You have mapped attributes to already existing AuthN context attributes or to newly created ones.

Enrich authN context for mock users

  1. Prepare a request body that you will use in your request to the update static IDP endpoint.

                    
                        
        {
            "id": "c2vjshp6ngjkelj1jftg",
            "tenant_id": "default",
            "authorization_server_id": "sample-workspace",
            "client_id": null,
            "name": "Sample IDP",
            "disabled": true,
            "method": "static",
            "attributes": null,
            "mappings": [
                {
                    "source": ".",
                    "target": ".",
                    "type": "any",
                    "allow_weak_decoding": false
                }
            ],
            "static_amr": [],
            "transformer": {
                "enabled": false,
                "script": ""
            },
            "config": {
                "enable_stateful_ctx": false,
                "stateful_ctx_duration": "0s"
            },
            "settings": {
                "hint": false
            },
            "credentials": {
                "users": [
                    {
                        "username": "user1",
                        "password": "StrongP@ssword!",
                        "authentication_context": {
                            "studentID": "f5cda932",
                            "maritalStatus": "Married"
                        }
                    },
                    {
                        "username": "user2",
                        "password": "StrongP@ssword!",
                        "authentication_context": {
                            "studentID": "c8fe349e",
                            "maritalStatus": "Single"
                        }
                    },
                    {
                        "username": "user3",
                        "password": "StrongP@ssword!",
                        "authentication_context": {
                            "studentID": "fafbdbc2",
                            "maritalStatus": "Divorced"
                        }
                    }
                ]
            }
        }
        

    Tip

    You can define your attributes and their values under the authentication_context node.

  2. Send a request to the update static IDP endpoint.

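    # -k skips TLS certificate verification (for a test instance with a self-signed certificate); $AT holds the access token.
    curl -v -k -X PUT "https://example.com/api/admin/default/servers/sample-workspace/idps/static/c3k1nl8ppd6re169h590" \
        -H "Authorization: Bearer $AT" \
        -H "Content-Type: application/json" \
        -d '{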
        "id": "c3k1nl8ppd6re169h590",
        "tenant_id": "default",
        "authorization_server_id": "sample-workspace",
        "client_id": null,
        "name": "Sample IDP",
        "disabled": false,
        "method": "static",
        "attributes": null,
        "mappings": [
            {
                "source": ".",
                "target": ".",
                "type": "any",
                "allow_weak_decoding": false
            }
        ],
        "static_amr": [],
        "transformer": {
            "enabled": false,
            "script": ""
        },
        "config": {
            "enable_stateful_ctx": false,
            "stateful_ctx_duration": "0s"
        },
        "settings": {
            "hint": false
        },
        "credentials": {
            "users": [
                {
                    "username": "user1",
                    "password": "StrongP@ssword!",
                    "authentication_context": {
                        "studentID": "f5cda932",
                        "maritalStatus": "Married"
                    }
                },
                {
                    "username": "user2",
                    "password": "StrongP@ssword!",
                    "authentication_context": {
                        "studentID": "c8fe349e",
                        "maritalStatus": "Single"
                    }
                },
                {
                    "username": "user3",
                    "password": "StrongP@ssword!",
                    "authentication_context": {
                        "studentID": "fafbdbc2",
                        "maritalStatus": "Divorced"
                    }
                }
            ]
        }
    }  '
    

    Result

    Authentication context of your mock users is enriched with additional attributes.

Verify authN context

To test if you have enriched the authentication context for mock users correctly, perform one of the following steps:

  • Use the ACP get static IDP API. It returns the configuration of your static IDPs in the response body. Verify that the configuration from the response matches the configuration you provided in the request to the updateStaticIDP endpoint.

  • Configure claims for access tokens to include your authentication context attributes and log in to the Demo Application using your Static IDP and one of the user credentials you defined. Verify that the additional attributes are available, as in the example below.

    Authentication context attributes visible in access tokens
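
One way to perform the first check, as an added example (not ACP's own code): it compares the body sent to the update endpoint with the body returned by the get static IDP API, user by user. It assumes the response has the same shape as the request and skips passwords, since the response may not echo them; the sample documents are constructed from the values on this page.

```python
import copy

TOP_LEVEL = ("name", "disabled", "method")  # fields taken from the page's request body

def index_users(idp):
    """Map username -> authentication_context for one static IDP document."""
    users = (idp.get("credentials") or {}).get("users") or []
    return {u["username"]: u.get("authentication_context") or {} for u in users}

def diff_static_idp(sent, received):
    """List the differences between the sent and the returned configuration.

    An empty list means the returned IDP matches what was sent. Passwords
    are skipped (assumption: the API may not return them).
    """
    problems = []
    for key in TOP_LEVEL:
        if sent.get(key) != received.get(key):
            problems.append(f"{key}: sent {sent.get(key)!r}, got {received.get(key)!r}")
    want, got = index_users(sent), index_users(received)
    for name in sorted(want.keys() - got.keys()):
        problems.append(f"user {name}: missing from response")
    for name in sorted(got.keys() - want.keys()):
        problems.append(f"user {name}: not in request")
    for name in sorted(want.keys() & got.keys()):
        for attr in sorted(want[name].keys() | got[name].keys()):
            if want[name].get(attr) != got[name].get(attr):
                problems.append(f"user {name}: {attr} sent {want[name].get(attr)!r}, "
                                f"got {got[name].get(attr)!r}")
    return problems

# Constructed sample: the request body, trimmed to the compared fields.
SENT = {
    "name": "Sample IDP", "disabled": False, "method": "static",
    "credentials": {"users": [
        {"username": "user1", "password": "StrongP@ssword!",
         "authentication_context": {"studentID": "f5cda932", "maritalStatus": "Married"}},
        {"username": "user2", "password": "StrongP@ssword!",
         "authentication_context": {"studentID": "c8fe349e", "maritalStatus": "Single"}},
    ]},
}
# Constructed response in which the update did not fully apply.
RECEIVED = copy.deepcopy(SENT)
RECEIVED["disabled"] = True
del RECEIVED["credentials"]["users"][1]["authentication_context"]["maritalStatus"]

if __name__ == "__main__":
    for line in diff_static_idp(SENT, RECEIVED) or ["configuration matches"]:
        print(line)
```

A `disabled` mismatch is worth checking first, because enabling one IDP disables the one that was enabled before.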