Identity server 4 with SAML 2.0 as external identity provider for SSO

I am using identity server 4 for authentication to my ASP.Net Core solution. And it is working well with Facebook, Google and other external identity providers. And now I am trying to add SAML 2.0 authentication to the identity server using Sustainsys.Saml2 from https://github.com/Sustainsys/Saml2 and making it work as an external identity provider. (Customers of our site want to log in using their SAML identity provider through our Identity Server in the same way they can log in via Facebook, Google, etc.)

And what I have now is the

  1. sign-in URL - https://sso.domain.com/saml/idp/profile/redirectorpost/sso

  2. sign-out URL - https://sso.domain.com/saml/idp/profile/post/sls

  3. CRT certificate for the SAML-based identity provider of our customer.

However, I cannot find the document that describes how to set up the configuration of SAML 2.0 in the identity server 4 startup.cs file. I think the configuration should look like the following, based on the sample available at: https://github.com/Sustainsys/Saml2/blob/master/Samples/SampleAspNetCore2ApplicationNETFramework/Startup.cs

using System.Security.Cryptography.X509Certificates;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Metadata;

services.AddAuthentication()
    .AddSaml2(options =>
    {
        // Entity id of this application (the service provider side).
        options.SPOptions.EntityId = new EntityId("...");

        // The upstream identity provider, configured from its published metadata.
        options.IdentityProviders.Add(
            new IdentityProvider(new EntityId("..."), options.SPOptions)
            {
                LoadMetadata = true,
            });

        // Certificate this application uses to sign its requests.
        options.SPOptions.ServiceCertificates.Add(new X509Certificate2("..."));
    });

In the sample there are two URLs:

  1. https://localhost:44342/Saml2

  2. http://localhost:52071/Metadata

What do these represent?

Can somebody tell me how to set up all the options for SAML2 in identity server 4?

Jay asked Mar 01 '18 22:03




1 Answer

  1. is the entity id of your application - corresponding to the client id in OpenID Connect.
  2. is the entity id of the upstream IdP.

There is a sample IdSrv4 in another branch: https://github.com/Sustainsys/Saml2/tree/netstandard/Samples/SampleIdentityServer4

The sample uses the preview version for .NET Core, but the config is basically the same.

There are working IdentityServer4 samples in https://github.com/Sustainsys/Saml2/tree/master/Samples

Anders Abel answered Oct 07 '22 15:10
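The following is an added example, not code from the question, the answer or the Sustainsys.Saml2 project, that puts the two points together: the configuration from the question, rewritten so that Sustainsys.Saml2 acts as an external provider for IdentityServer4 (handing the result to IdentityServer's external cookie, the way the Google and Facebook handlers do), with the first entity id being our own SP and the second being the customer's IdP. It fills in the customer's sign-in and sign-out URLs from the question; the IdP entity id, the SP entity id, the certificate file names and the PFX password are placeholders, and it assumes the customer's IdP accepts signed AuthnRequests over the HTTP-Redirect binding.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using IdentityServer4;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.WebSso;

public static class SamlExternalProviderSetup
{
    // Call from Startup.ConfigureServices after services.AddIdentityServer(...).
    public static IServiceCollection AddCustomerSamlIdp(this IServiceCollection services)
    {
        services.AddAuthentication()
            .AddSaml2(Saml2Defaults.Scheme, options =>
            {
                // Hand the external login result to IdentityServer's external cookie,
                // so the SAML login flows through the same callback as Google/Facebook.
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

                // 1. Our own entity id (the SP side), the counterpart of a client id in OIDC.
                //    Placeholder: use the public URL of your IdentityServer.
                options.SPOptions.EntityId = new EntityId("https://idsrv.example.com/Saml2");

                // Sign every AuthnRequest so the customer's IdP can verify who sent it
                // (assumption: the customer's IdP accepts or requires signed requests).
                options.SPOptions.AuthenticateRequestSigningBehavior = SigningBehavior.Always;
                options.SPOptions.ServiceCertificates.Add(new ServiceCertificate
                {
                    // Placeholder file name and password; load the key from a secure store in production.
                    Certificate = new X509Certificate2("sp-signing.pfx", "placeholder-pfx-password"),
                    Use = CertificateUse.Signing
                });

                // 2. The upstream (customer) IdP, described by the values from the question.
                var idp = new IdentityProvider(
                    new EntityId("https://sso.domain.com/saml/idp"), // placeholder entity id
                    options.SPOptions)
                {
                    SingleSignOnServiceUrl =
                        new Uri("https://sso.domain.com/saml/idp/profile/redirectorpost/sso"),
                    SingleLogoutServiceUrl =
                        new Uri("https://sso.domain.com/saml/idp/profile/post/sls"),
                    Binding = Saml2BindingType.HttpRedirect,
                    // No metadata URL was supplied, so configure the IdP explicitly instead of fetching it.
                    LoadMetadata = false,
                    // Reject responses we never asked for (IdP-initiated SSO) unless the customer needs it.
                    AllowUnsolicitedAuthnResponse = false
                };

                // The customer's .crt is the IdP signing certificate; it is what the handler uses
                // to verify the signature on incoming assertions, so it must come from the customer
                // over a trusted channel and be rotated when they rotate it.
                idp.SigningKeys.AddConfiguredKey(new X509Certificate2("customer-idp.crt")); // placeholder

                options.IdentityProviders.Add(idp);
            });

        return services;
    }
}
```

Two things to keep straight when filling in the placeholders: the `.crt` the customer sent is the IdP's signing certificate and goes into `SigningKeys`, while `ServiceCertificates` holds our own key pair, which needs the private key (hence a `.pfx`). The customer, in turn, needs our SP entity id and our assertion consumer service URL, which the Sustainsys handler serves under its default `/Saml2` path (`/Saml2/Acs`) and publishes in the metadata at `/Saml2`.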