I am using identity server 4 for authentication to my ASP.Net Core solution. And it is working well with Facebook, Google and other external identity providers. And now I am trying to add SAML 2.0 authentication to the identity server using Sustainsys.Saml2 from https://github.com/Sustainsys/Saml2 and making it work as an external identity provider. (Customers to our site want to log in using their SAML identity provider via our Identity Server in the same way they can log in via Facebook, Google, etc.)
And what I have now are the following URLs:
sign-in URL - https://sso.domain.com/saml/idp/profile/redirectorpost/sso
sign-out URL - https://sso.domain.com/saml/idp/profile/post/sls
However, I cannot find the document that describes how to set up the configuration of SAML 2.0 in the identity server 4 Startup.cs file. I think the configuration should look like the following, based on the sample available at: https://github.com/Sustainsys/Saml2/blob/master/Samples/SampleAspNetCore2ApplicationNETFramework/Startup.cs
services.AddAuthentication()
    .AddSaml2(options =>
    {
        // Our own (service provider) entity id
        options.SPOptions.EntityId = new EntityId("...");

        // The identity provider we trust; LoadMetadata fetches its endpoints and keys
        options.IdentityProviders.Add(
            new IdentityProvider(
                new EntityId("..."), options.SPOptions)
            {
                LoadMetadata = true,
            });

        // Certificate used to sign our requests / decrypt assertions
        options.SPOptions.ServiceCertificates.Add(new X509Certificate2("..."));
    }
);
In the sample there are two URLs:
https://localhost:44342/Saml2
http://localhost:52071/Metadata
What do these represent?
Can somebody tell me how to set up all the options for SAML2 in identity server 4?
SAML 2.0 (Security Assertion Markup Language) is an open standard created to provide cross-domain single sign-on (SSO). In other words, it allows a user to authenticate in a system and gain access to another system by providing proof of their authentication.
The Security Assertion Markup Language (SAML) protocol is used to exchange authentication data between parties. There are two sides to the SAML protocol: Identity Provider (IdP) and Service Provider (SP). We provide both SAML SP and SAML IdP implementations for Duende IdentityServer and IdentityServer4.
SSO vs SAML: both authentication protocols serve a similar function, to connect users and allow them to access the requested resource. SAML is an umbrella standard that covers federation, identity management and single sign-on (SSO). SAML enables single sign-on (SSO) for browser-based applications.
SAML Single Sign-On is a mechanism that leverages SAML allowing users to log on to multiple web applications after logging into the identity provider. As the user only has to log in once, SAML SSO provides a faster, seamless user experience.
There is a sample IdSrv4 in another branch: https://github.com/Sustainsys/Saml2/tree/netstandard/Samples/SampleIdentityServer4
There are working IdentityServer4 samples in https://github.com/Sustainsys/Saml2/tree/master/Samples
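The following is an added example, not code from the question or from the Sustainsys project, of how the `AddSaml2` registration can be written in an IdentityServer4 `Startup.cs` so that the SAML identity provider appears next to Google and Facebook. In the referenced sample, the first URL (`https://localhost:44342/Saml2`) is the service provider's own `EntityId`; Sustainsys serves the SP metadata at that address and places the `/Saml2/Acs` and `/Saml2/Logout` endpoints under the same `ModulePath`. The second URL (`http://localhost:52071/Metadata`) is the `EntityId` of the sample IdP, which doubles as its metadata address, so `LoadMetadata = true` can pull the endpoints and signing keys from it. The question has only a sign-in and sign-out URL and no metadata address, so the example wires the endpoints by hand and pins the IdP's signing certificate instead; the `useMetadata` switch shows the metadata-driven variant for comparison. Every hostname, entity id, certificate file name, password and scheme name below is an assumed placeholder.

```csharp
// Added example (not the question's or the Sustainsys project's code).
// Registers Sustainsys.Saml2 as an external provider for IdentityServer4.
// All URLs, entity ids, file names, passwords and scheme names are assumptions.
using System;
using System.Security.Cryptography.X509Certificates;
using IdentityServer4;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.WebSso;

public class Startup
{
    // Flip to true when the IdP publishes a metadata document (as the sample IdP does).
    private const bool UseMetadata = false;

    public void ConfigureServices(IServiceCollection services)
    {
        // AddIdentityServer(), clients, resources and users are registered elsewhere
        // in the real Startup; only the external SAML2 provider is shown here.
        services.AddAuthentication()
            .AddSaml2("saml2", "Corporate SAML IdP", options =>   // scheme + display name shown on the login page
            {
                // Hand the identity to IdentityServer's external cookie, exactly as the
                // Google/Facebook handlers do, so the usual ExternalLoginCallback completes sign-in.
                options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

                // Our side (the SP). The EntityId is also where Sustainsys publishes SP metadata;
                // /Saml2/Acs and /Saml2/Logout live under ModulePath ("/Saml2" is the default).
                options.SPOptions.EntityId = new EntityId("https://idsrv.example.com/Saml2"); // assumed
                options.SPOptions.ReturnUrl = new Uri("https://idsrv.example.com/");         // assumed
                options.SPOptions.ModulePath = "/Saml2";

                // Key we sign AuthnRequests/LogoutRequests with and decrypt assertions with.
                options.SPOptions.ServiceCertificates.Add(
                    new X509Certificate2("sp-signing.pfx", "pfx-password"));                // assumed file

                // Defensive defaults: require signed assertions, sign everything we send,
                // and refuse anything weaker than RSA-SHA256 on incoming signatures.
                options.SPOptions.WantAssertionsSigned = true;
                options.SPOptions.AuthenticateRequestSigningBehavior = SigningBehavior.Always;
                options.SPOptions.MinIncomingSigningAlgorithm =
                    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

                // The IdP's entity id: take it from the IdP's metadata or admin; assumed here.
                var idpEntityId = new EntityId("https://sso.domain.com/saml/idp");

                IdentityProvider idp;
                if (UseMetadata)
                {
                    // Metadata-driven setup, as in the Sustainsys sample: endpoints, bindings
                    // and signing keys are loaded (over HTTPS) from the IdP's metadata document.
                    idp = new IdentityProvider(idpEntityId, options.SPOptions)
                    {
                        LoadMetadata = true,
                        MetadataLocation = "https://sso.domain.com/saml/idp/Metadata", // assumed
                        AllowUnsolicitedAuthnResponse = false,
                    };
                }
                else
                {
                    // Manual setup from the two URLs the question has.
                    idp = new IdentityProvider(idpEntityId, options.SPOptions)
                    {
                        LoadMetadata = false,
                        Binding = Saml2BindingType.HttpRedirect, // AuthnRequest via HTTP-Redirect
                        SingleSignOnServiceUrl =
                            new Uri("https://sso.domain.com/saml/idp/profile/redirectorpost/sso"),
                        SingleLogoutServiceUrl =
                            new Uri("https://sso.domain.com/saml/idp/profile/post/sls"),
                        // Only accept responses to requests we actually issued.
                        AllowUnsolicitedAuthnResponse = false,
                    };

                    // Without metadata, the pinned signing certificate is the only thing that
                    // ties a SAML response to this IdP; never skip it.
                    idp.SigningKeys.AddConfiguredKey(
                        new X509Certificate2("idp-signing.cer"));                             // assumed file
                }

                options.IdentityProviders.Add(idp);
            });
    }
}
```

With this in place the provider shows up in IdentityServer's external-provider list under the scheme name `saml2`, and `Challenge("saml2")` from the account controller starts the redirect to the IdP's sign-in URL. When you later obtain a metadata address from the customer, switching to the `UseMetadata` branch lets Sustainsys pick up key rollovers from the IdP's metadata instead of relying on a hand-copied certificate file.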