Here is how you can use a Salesforce developer account to set up your IdP and test it with an example service provider hosted on Heroku.
STEP 1: Establish a Federation Id
For this single sign-on implementation, we’ll set a user attribute that
links the user between their Salesforce organization and an external
application.
- From Setup in your Salesforce developer account, enter Users in
the Quick Find box, then select Users. Click Edit next to your
current user. In the Single Sign On Information section, enter the
Federation ID: admin@universalcontainers.com. For this example, we
arbitrarily made up a Federation ID. The Federation ID is a unique
username for each user that can be shared across multiple applications.
Sometimes this is the employee ID for that user. Click Save.
STEP 2: Set up your Identity Provider
- In a new browser window, go to http://axiomsso.herokuapp.com.
- Click SAML Identity Provider & Tester. Click Download the Identity
Provider Certificate. The certificate validates signatures, and you
need to upload it to your Salesforce organization. Remember where
you save it.
- In your Salesforce organization, from Setup, enter
Single Sign-On Settings in the Quick Find box, then select Single
Sign-On Settings. Click Edit. Select SAML Enabled. Click Save.
- In SAML Single Sign-On Settings, click New. Enter the following values.
Name: Axiom Test App
Issuer: http://axiomsso.herokuapp.com
Identity Provider Certificate: Choose the file you downloaded in step 3.
Request Signing Certificate: Select a certificate. If no
certificate is available, leave as Generate self-signed
certificate.
SAML Identity Type: Select Assertion contains the Federation ID from the
User object.
SAML Identity Location: Select Identity is in the
NameIdentifier element of the Subject statement.
Service Provider Initiated Request Binding: Select HTTP Redirect.
Entity Id: Enter your My Domain name including “https”, such as
https://universalcontainers.my.salesforce.com
- Click Save and leave the browser page open.
STEP 3: Generate SAML
Return to Axiom at http://axiomsso.herokuapp.com. Click generate a
SAML response. Enter the following values (other fields can be left
blank).
SAML 2.0
Username or Federated ID: admin@universalcontainers.com
Issuer: http://axiomsso.herokuapp.com
Recipient URL: Get that from the Salesforce SAML Single Sign-On
Setting page. (If you didn’t keep that page open, from Setup,
enter Single Sign-On Settings in the Quick Find box, then select
Single Sign-On Settings, and then click Axiom Test App.) Use the
Salesforce Login URL value.
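
A pre-flight check for the values configured in the steps above, as an added example that is not part of the original walkthrough: it parses a SAML response and reports any field that is not an exact string match for the settings. The sample response and the `LOGIN_URL` placeholder are constructed, and it assumes the Entity Id is carried as the assertion's Audience, as is standard in SAML 2.0. It does not verify the signature, which depends on the certificate uploaded in STEP 2.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholder: the page says to copy the real value from the Salesforce Login URL field.
LOGIN_URL = "https://universalcontainers.my.salesforce.com/PLACEHOLDER-LOGIN-URL"
# Values entered in the steps above (assumed settings for this example).
EXPECTED = {
    "issuer": "http://axiomsso.herokuapp.com",
    "name_id": "admin@universalcontainers.com",
    "audience": "https://universalcontainers.my.salesforce.com",
    "recipient": LOGIN_URL,
}
# Constructed sample response, unsigned and trimmed to the fields checked here.
SAMPLE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}">
  <saml:Assertion>
    <saml:Issuer>http://axiomsso.herokuapp.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID>admin@universalcontainers.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="{LOGIN_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://universalcontainers.my.salesforce.com</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def extract_fields(xml_text):
    """Pull the four values set in the steps above out of a SAML response."""
    a = ET.fromstring(xml_text).find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no plaintext Assertion element in response")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    return {
        "issuer": a.findtext("saml:Issuer", "", NS).strip(),
        "name_id": a.findtext("saml:Subject/saml:NameID", "", NS).strip(),
        "audience": a.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", "", NS).strip(),
        "recipient": scd.get("Recipient", "") if scd is not None else "",
    }

def mismatches(xml_text, expected=EXPECTED):
    """Return {field: (expected, actual)} for each value that is not an exact match."""
    got = extract_fields(xml_text)
    return {k: (want, got[k]) for k, want in expected.items() if got[k] != want}
```

An empty result from `mismatches` means the Issuer, NameID, Audience and Recipient all line up with the settings; anything else names the field to fix before retrying the login.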