 

How to generate saml 2.0 sso service metadata

We have created many SAML implementations in the past. Normally, the client would send us SAML XML data containing key info, user info, certificate, etc., and we would parse the info, match key and certificates, get the user's unique identifier from the XML, and then authenticate the user based on whether he is present in our database or not and send the logged-in user to some page of our domain. (I have a secondary question to ask here: does that make us a SAML IdentityProvider or ServiceProvider?)

Anyway, now this one particular client is asking us to send them the SAML SSO metadata files. They say that in order for them to deploy a federation from their environment into our environment they need a copy of our SAML SSO Service Metadata as specified here: http://en.wikipedia.org/wiki/SAML_2.0#SSO_Service_Metadata

So what do I do? We have never had such a request before. We don't use any third-party tools but have built a custom implementation of SAML using C# and Visual Studio. Please help.

Suhail Wani asked Jun 11 '15 13:06



1 Answer

If you handle the authentication, you are the IDP.

The customer is correct - that's the way SAML normally works - both sides swap metadata. The metadata describes what profile, what binding, the certificate, the format of the NameID etc. etc.

Having done a lot of these, I'm somewhat bemused. I've never dealt with an IDP who couldn't provide metadata!

There are .NET 4.5 classes (System.IdentityModel.Metadata) to do this.

Have a look at the open source code to generate metadata in IdentityServer.

(Note: this is WS-Fed only but the principle is the same).

rbrayb answered Oct 22 '22 15:10
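The answer points at the .NET 4.5 System.IdentityModel.Metadata classes without showing them in use. The following is an added example, not code from the question or the answer: it builds an IdP entity descriptor (the role the answer says the asker is in), advertises the SSO endpoint, the NameID format and the signing certificate, signs the document and serialises it with MetadataSerializer. The entity ID, the endpoint URLs, the certificate file name and its password are placeholders.

```csharp
// Added example: generate SAML 2.0 IdP metadata with the .NET 4.5
// System.IdentityModel.Metadata classes. Entity ID, endpoint URLs and the
// certificate file are placeholders; replace them with your own values.
using System;
using System.IdentityModel.Metadata;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

class IdpMetadataBuilder
{
    const string Saml2Protocol = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string HttpRedirect  = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";
    const string HttpPost      = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
    const string EmailNameId   = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";

    // entityId:    the unique identifier the client will use to refer to your IdP
    // ssoUrl:      your endpoint that receives AuthnRequests and issues assertions
    // signingCert: the certificate whose public key verifies your assertion signatures
    static EntityDescriptor BuildIdpDescriptor(string entityId, string ssoUrl, X509Certificate2 signingCert)
    {
        var idp = new IdentityProviderSingleSignOnDescriptor();
        idp.ProtocolsSupported.Add(new Uri(Saml2Protocol));

        // Advertise only the bindings your endpoint actually implements.
        idp.SingleSignOnServices.Add(new ProtocolEndpoint(new Uri(HttpRedirect), new Uri(ssoUrl)));
        idp.SingleSignOnServices.Add(new ProtocolEndpoint(new Uri(HttpPost), new Uri(ssoUrl)));

        // The NameID format the SP should expect in your assertions.
        idp.NameIdentifierFormats.Add(new Uri(EmailNameId));

        // Ask the SP to sign its AuthnRequests so unsigned or tampered ones can be rejected.
        idp.WantAuthenticationRequestsSigned = true;

        // Only the raw X.509 certificate (public part) is embedded in <KeyDescriptor>;
        // the private key never leaves your side.
        var clause = new X509RawDataKeyIdentifierClause(signingCert);
        idp.Keys.Add(new KeyDescriptor(new SecurityKeyIdentifier(clause)) { Use = KeyType.Signing });

        var entity = new EntityDescriptor(new EntityId(entityId));
        entity.RoleDescriptors.Add(idp);
        return entity;
    }

    static void Main()
    {
        // Placeholder file and password. A .pfx with the private key is needed
        // because the metadata document itself is signed below.
        var cert = new X509Certificate2("idp-signing.pfx", "pfx-password");

        var entity = BuildIdpDescriptor(
            "https://idp.example.com/saml",      // placeholder entity ID
            "https://idp.example.com/saml/sso",  // placeholder SSO endpoint
            cert);

        // Signing the metadata lets the client check it really came from you
        // before they trust the certificate and endpoints inside it.
        entity.SigningCredentials = new X509SigningCredentials(cert);

        var settings = new XmlWriterSettings { Indent = true };
        using (var writer = XmlWriter.Create("idp-metadata.xml", settings))
        {
            new MetadataSerializer().WriteMetadata(writer, entity);
        }
    }
}
```

The resulting idp-metadata.xml is an EntityDescriptor with one IDPSSODescriptor, which is the shape the Wikipedia section linked in the question describes. Before sending it, open the file and confirm that the KeyDescriptor contains only the certificate (no private key material) and that every listed endpoint is one your implementation really serves; the client will hand those URLs and that certificate to their federation software as-is.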