How do I set up a local test SAML2.0 Identity Provider?

There is an open IdP that will reply to any AuthnRequest available for free at https://stubidp.sustainsys.com. It will allow you to set the Subject NameId you want in a simple form and then reply back to the SP. If you want to set up your own instance, the source of the stubidp is available at https://github.com/Sustainsys/Saml2.

Disclosure notice: I'm the author of the stubidp, but I won't make any money out of anyone using it; it's provided entirely as a free service.


You actually do not need to publish your endpoints in order to be able to use a public IDP.

All communication between the SP and the IDP is either done through your browser (which of course needs to be able to access both your local SP and the public IDP), or your SP calls the IDP (when using the HTTP-Artifact profile). But in usual situations the IDP never directly calls the SP, which means that the SP can be running locally without a publicly accessible URL.

One of the public IDPs which can be configured in this way is SSO Circle.

In case you would still like to run an IDP locally, Shibboleth is probably your easiest bet.
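
An added example (not part of the answer above) of the browser-carried flow it describes: a local SP builds an AuthnRequest, encodes it for the HTTP-Redirect binding, and the IdP learns the localhost ACS URL only from the request the browser delivers. The IdP endpoint and the SP entity ID and ACS URL are assumed placeholders, and the request is unsigned for brevity.

```python
import base64, uuid, zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlsplit, parse_qs
import xml.etree.ElementTree as ET

# Assumed values for illustration; substitute your own SP and IdP settings.
IDP_SSO_URL = "https://idp.example.test/sso"      # placeholder IdP endpoint
SP_ENTITY_ID = "https://localhost:5001/Saml2"     # local SP, not public
SP_ACS_URL = "https://localhost:5001/Saml2/Acs"   # only the browser must reach this

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_authn_request():
    """Return (request_id, xml) for a minimal unsigned AuthnRequest."""
    request_id = "_" + uuid.uuid4().hex   # XML IDs must not start with a digit
    issue_instant = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (
        f'<samlp:AuthnRequest xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}" '
        f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant}" '
        f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}" '
        f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST">'
        f'<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer></samlp:AuthnRequest>'
    )
    return request_id, xml

def redirect_url(xml, relay_state):
    """HTTP-Redirect binding: raw DEFLATE, then base64, then URL-encode."""
    deflater = zlib.compressobj(wbits=-15)   # -15 = raw DEFLATE, no zlib header
    deflated = deflater.compress(xml.encode("utf-8")) + deflater.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii"),
                       "RelayState": relay_state})
    return f"{IDP_SSO_URL}?{query}"

def decode_redirect(url):
    """What the IdP sees: reverse the encoding and read the ACS URL."""
    params = parse_qs(urlsplit(url).query)
    raw = zlib.decompress(base64.b64decode(params["SAMLRequest"][0]), wbits=-15)
    root = ET.fromstring(raw)
    return root.get("ID"), root.get("AssertionConsumerServiceURL")

if __name__ == "__main__":
    rid, xml = build_authn_request()
    url = redirect_url(xml, relay_state="/dashboard")
    print(url)                   # the SP sends this as a 302 Location to the browser
    print(decode_redirect(url))  # the IdP answers through the browser to the ACS URL
```

The SP should remember the returned request ID and accept only a response whose InResponseTo matches it; the same decode function is handy for inspecting requests captured during local testing.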


Another option is https://github.com/mcguinness/saml-idp. It's straightforward and quick to set up for local testing (it's a node server). I successfully used it to implement some full end-to-end SAML SSO tests using Cypress.

We have a .NET Core app, and I basically just run node server.js on startup if running in the development environment. I redirect the output of the node server to our .NET Core web app's output, so we can see the SAML requests/responses right alongside our app's logs. Works really well.