Adding IdP to legacy ASP.NET app

SAML is a new concept to me but I’ve been tasked with implementing the following SSO solution using SAML: I have a legacy web app (ASP.NET MVC) that my users log into. I want to enable my users to navigate to a couple other SPs, such as FreshDesk and another 3rd party app that supports SSO via SAML. I want to continue to authenticate my users in my legacy web app and then enable them to access the other SPs, FreshDesk and the other 3rd party app without signing into those apps. Is this scenario supported in SAML? If so, any guidance on how to set this up would be much appreciated. If it’s not recommended to build the IdP into your legacy authentication process, is there a way to inform an IdP that a user is authenticated without the user having to be authenticated by a login page on the IdP?

Yes, this is definitely a supported scenario. The mechanism you use to authenticate the user at the identity provider is independent from the SAML SSO flow.
As the identity provider you can authenticate users as you currently do.
You then call into our SAML API to support the SSO flow.
Please take a look at section 10.2 of our Developer Guide PDF which you’ll find in the product Documentation folder.
This describes the MvcExampleIdentityProvider project and corresponding MvcExampleServiceProvider.
The MvcExampleIdentityProvider calls SAMLIdentityProvider.InitiateSSO and SAMLIdentityProvider.ReceiveSSO to support IdP-initiated and SP-initiated SSO.
You would need to make similar calls in your application to support these flows.
The MvcExampleIdentityProvider includes a saml.config file. This includes information about your local identity provider and the partner service providers.
You would need a saml.config file but specific to your environment.
If you need any further assistance you’re welcome to contact us by email or through the forum.
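
A sketch of how a legacy MVC app could wire its existing login into the two flows named in the answer, added here as an illustration; it is not code from the vendor's example project or from either poster. Assumptions: the `ComponentSpace.SAML2` namespace, the argument lists shown for `InitiateSSO` and `ReceiveSSO`, the `SendSSO` call and its session-held SSO state, forms authentication with an `Account/Login` action, and the partner names, which are placeholders that would have to match entries in your own saml.config. Check each call against the Developer Guide.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using ComponentSpace.SAML2; // assumed namespace of the vendor's SAML API

public class SamlController : Controller
{
    // Placeholder partner names; each must match a service provider entry in saml.config.
    private static readonly HashSet<string> AllowedPartners =
        new HashSet<string> { "urn:example:freshdesk", "urn:example:other-sp" };

    // IdP-initiated SSO: a link inside the legacy app, e.g. /Saml/Launch?partner=...
    [Authorize] // the app's existing login must already have run
    public ActionResult Launch(string partner)
    {
        if (partner == null || !AllowedPartners.Contains(partner))
            return new HttpStatusCodeResult(400, "Unknown service provider");

        // The subject comes from the server-side identity, never from the query string.
        // No relay state is passed, so no caller-supplied URL reaches the SP.
        SAMLIdentityProvider.InitiateSSO(
            Response, User.Identity.Name, BuildAttributes(), null, partner);
        return new EmptyResult();
    }

    // SP-initiated SSO: the service provider sends its authn request to this URL.
    public ActionResult SSOService()
    {
        string partnerSP;
        SAMLIdentityProvider.ReceiveSSO(Request, out partnerSP);

        if (!User.Identity.IsAuthenticated)
        {
            // Reuse the legacy login page, then return to Resume (hypothetical action names).
            return RedirectToAction("Login", "Account",
                new { returnUrl = Url.Action("Resume", "Saml") });
        }
        return Resume();
    }

    // Completes a pending SP-initiated request once the user is logged in.
    [Authorize]
    public ActionResult Resume()
    {
        SAMLIdentityProvider.SendSSO(Response, User.Identity.Name, BuildAttributes());
        return new EmptyResult();
    }

    // Release only the attributes the partners actually need.
    private IDictionary<string, string> BuildAttributes()
    {
        return new Dictionary<string, string> { { "email", User.Identity.Name } };
    }
}
```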