End-to-end validation of the SAML IdP against a test Slack workspace.
Surfaced by the saml-idp plan's closeout (PR #49). The plan's unit tests cover:
- metadata XML structure
- IdP-initiated POST form structure + signed assertion contents
- SP-initiated AuthnRequest handling + resume cookie flow
But these don't exercise the real Slack SP behaviour. The validation needs:
1. Connect a test Slack workspace (or codeforphilly.slack.com staging) to our IdP using the generated metadata
2. IdP-initiated: hit /api/saml/slack/launch?channel=phlask while signed in — verify Slack signs the user in and lands them in #phlask
3. SP-initiated: sign into Slack via "Sign in with SSO" — verify the AuthnRequest round-trip works end-to-end
4. Anonymous SP-initiated: same as (3) but starting from a signed-out browser — verify the resume cookie survives the /login redirect
Requires:
- Test Slack workspace (or staging admin access on codeforphilly.slack.com)
- Deploy to a publicly-reachable URL so Slack can POST to /api/saml/slack/sso
Out of band of the v1 cutover release.
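
A helper for inspecting traffic captured during the manual runs above, added here as an example and not taken from the project's code: it decodes an HTTP-Redirect AuthnRequest and checks that the response's InResponseTo, Destination and Audience line up with it. The sp.example.test URLs, the `_req1` ID and the sample messages are constructed; it only checks that a signature element is present and does not verify it.

```python
import base64
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def decode_redirect_request(param):
    """HTTP-Redirect binding: base64, then raw DEFLATE (no zlib header)."""
    root = ET.fromstring(zlib.decompress(base64.b64decode(param), -15))
    return {"id": root.get("ID"),
            "acs": root.get("AssertionConsumerServiceURL"),
            "issuer": root.findtext("saml:Issuer", namespaces=NS)}

def check_response(b64_response, expected_id, acs, entity_id):
    """Return a list of mismatches. expected_id=None means IdP-initiated,
    where an unsolicited response must not carry InResponseTo."""
    root = ET.fromstring(base64.b64decode(b64_response))
    problems = []
    if root.get("InResponseTo") != expected_id:
        problems.append("InResponseTo mismatch")
    if root.get("Destination") != acs:
        problems.append("Destination does not match ACS URL")
    if root.findtext(".//saml:Audience", namespaces=NS) != entity_id:
        problems.append("Audience does not match SP entity ID")
    if root.find(".//ds:Signature", NS) is None:  # presence only, not validity
        problems.append("no ds:Signature element")
    return problems

# --- constructed sample messages (not captured from Slack) ---
def deflate_b64(xml):
    c = zlib.compressobj(wbits=-15)
    return base64.b64encode(c.compress(xml) + c.flush()).decode()

SAMPLE_REQUEST = deflate_b64(
    f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
    ' ID="_req1" AssertionConsumerServiceURL="https://sp.example.test/acs">'
    '<saml:Issuer>https://sp.example.test</saml:Issuer>'
    '</samlp:AuthnRequest>'.encode())

def sample_response(in_response_to=None):
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}"'
           f' xmlns:ds="{NS["ds"]}" Destination="https://sp.example.test/acs"{irt}>'
           '<saml:Assertion><ds:Signature/><saml:Conditions>'
           '<saml:AudienceRestriction><saml:Audience>https://sp.example.test'
           '</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()
```

For a real run, pass the `SAMLRequest` query value from the browser's redirect and the `SAMLResponse` form field from the auto-submitted POST.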