
ASP.Net Core SAML authentication

I am trying to add SAML 2.0 authentication to an ASP.Net Core solution. I can't find any documentation on the subject, so I am unsure where to start. There is probably documentation out there, but I don't want to spend 3 days becoming an expert on this.

From what I can see ASP.Net Core has changed something from the old OWIN assemblies/namespaces. There are third party libraries to simplify SAML 2.0 implementation such as Kentor.AuthServices.

I am unsure how to combine this with ASP.Net 5 RC 1 / ASP.Net Core. For example making use of the AspNet* tables in SQL.

ASP.Net 5 RC 1 comes with several libraries to implement authentication (client).

For example:

  • Microsoft.AspNet.Authentication.OAuth
  • Microsoft.AspNet.Authentication.Facebook
  • Microsoft.AspNet.Authentication.Google
  • Microsoft.AspNet.Authentication.Twitter

Implementing these is a matter of calling a simple extension method in Startup.cs:

    app.UseIdentity()
        .UseFacebookAuthentication(new FacebookOptions
        {
            AppId = "ID",
            AppSecret = "KEY"
        })
        .UseGoogleAuthentication(new GoogleOptions
        {
            ClientId = "ID",
            ClientSecret = "SECRET"
        })
        .UseTwitterAuthentication(new TwitterOptions
        {
            ConsumerKey = "KEY",
            ConsumerSecret = "SECRET"
        });

Once that is done the ASP.Net sample project automatically shows social buttons for login/manage account:

Social buttons

In the backend code the authentication providers are retrieved using:

    var otherLogins = _signInManager.GetExternalAuthenticationSchemes()
        .Where(auth => userLogins.All(ul => auth.AuthenticationScheme != ul.LoginProvider))
        .ToList();

This means the authentication providers are registered somewhere that makes them available by calling _signInManager.GetExternalAuthenticationSchemes().

How can I implement SAML 2.0 authentication in ASP.Net 5 RC1 / ASP.Net Core?

Tedd Hansen asked Feb 09 '16 12:02



1 Answer

This is probably basically an updated version of Anders Abel's answer, but:

I used https://github.com/Sustainsys/Saml2. They have a NuGet package with 36k downloads called "Sustainsys.Saml2.AspNetCore2".

They have a helpful example .NET Core app using it that also uses .NET Core Identity here: https://github.com/Sustainsys/Saml2/tree/master/Samples/SampleAspNetCore2ApplicationNETFramework (take a look at their Startup.cs and also their external login Razor pages for implementation details).

They also host a nice test IdP here: https://stubidp.sustainsys.com. That way, you can confirm your app's ACS (Assertion Consumer Service) endpoint works along with your login page and whatnot.

They mention on their GitHub: "The library was previously named Kentor.AuthServices."

JohnnyFun answered Sep 20 '22 13:09
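
Startup.cs wiring for the setup this answer points to, added here as an example (it is not code from the answer or from the Sustainsys project). It assumes ASP.NET Core 2.x with the Sustainsys.Saml2.AspNetCore2 package, plain cookie sign-in instead of ASP.NET Core Identity, a placeholder service provider entity ID, and that the test IdP publishes its metadata at https://stubidp.sustainsys.com/Metadata.

```csharp
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                // The cookie holds the local session; SAML2 is only the challenge scheme.
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = Saml2Defaults.Scheme;
            })
            .AddCookie()
            .AddSaml2(options =>
            {
                // Placeholder SP entity ID and assumed IdP entity ID / metadata URL.
                options.SPOptions.EntityId = new EntityId("https://localhost:5001/Saml2");
                options.IdentityProviders.Add(new IdentityProvider(
                    new EntityId("https://stubidp.sustainsys.com/Metadata"),
                    options.SPOptions)
                {
                    // Signing keys and endpoints are read from the IdP metadata,
                    // so trust in assertions rests on that HTTPS fetch.
                    LoadMetadata = true,
                    // Accept only responses to requests this SP started.
                    AllowUnsolicitedAuthnResponse = false
                });
            });
    }
    public void Configure(IApplicationBuilder app)
    {
        // Also serves the library's own endpoints (such as the ACS) under /Saml2.
        app.UseAuthentication();
        app.Run(async context =>
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                await context.ChallengeAsync(); // redirect to the IdP
                return;
            }
            context.Response.ContentType = "text/plain";
            await context.Response.WriteAsync("Signed in: " + context.User.Identity.Name);
        });
    }
}
```

For anything beyond the test IdP, pin the IdP's metadata or signing certificate from a source you control rather than trusting whatever the metadata URL returns at startup.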