Can I receive an IDP configuration from an external endpoint?

Hello everyone,
I hope you’re all doing well. I have a question regarding IDP configurations that I’d like someone to help me with. Specifically, I’d like to know if receiving an IDP configuration from an external endpoint is possible.

Let me explain my situation. I’m working on integrating an identity provider (IDP) with my application, and I’ve followed the instructions in the IDP documentation. However, I’ve run into a snag. The documentation assumes that I have access to the IDP’s configuration file, which contains information such as the IDP’s endpoint URLs, certificate information, etc.

Unfortunately, I don’t have direct access to this configuration file. Instead, I need to retrieve this information from an external endpoint. Is it possible to do this? If so, can someone provide some guidance on how to go about it?
This will be necessary because the application is multi-tenant. All the configs are saved in a MongoDB database and can be updated frequently. We already have an endpoint to retrieve the configuration based on each tenant. But I can’t find an example of it being possible.
Can ComponentSpace reload the configuration only on the fly?

Thank you in advance for your help.
I look forward to hearing your response.

Your best option to support frequently updating SAML configurations is to implement the ISamlConfigurationResolver interface.

The SAML library calls into this interface to retrieve specific configuration (e.g. local SP configuration, specific partner IdP configuration) only as it’s required.

Your implementation can store this configuration wherever you like including a MongoDB database.

Is the information at the external endpoint the IdP’s SAML metadata?

You can download SAML metadata and use this to update your database. The IMetadataToConfiguration.ImportUrlAsync method may be called to download SAML metadata and convert this into a SamlConfiguration object.

Alternatively, you can download the metadata and use the classes under the ComponentSpace.Saml2.Metadata namespace to directly access the metadata.

We don’t recommend downloading metadata as part of an SSO flow for performance reasons. It’s best to do this out-of-band.
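
A sketch of the resolver approach described in the answer above, added here as an illustration and not taken from the original thread or from ComponentSpace's own samples. It assumes the ASP.NET Core edition of the library (asynchronous resolver methods that receive a configuration name, and an `AbstractSamlConfigurationResolver` base class), that the configuration name carries the tenant identifier, and a hypothetical `ITenantSamlStore` wrapping the existing per-tenant endpoint or MongoDB collection.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using ComponentSpace.Saml2.Configuration;
using ComponentSpace.Saml2.Configuration.Resolver;

// Hypothetical abstraction over the existing per-tenant endpoint / MongoDB collection.
public interface ITenantSamlStore
{
    Task<LocalServiceProviderConfiguration> FindLocalSpAsync(string tenantId);
    Task<PartnerIdentityProviderConfiguration> FindPartnerIdpAsync(string tenantId, string idpName);
    Task<IList<string>> ListPartnerIdpNamesAsync(string tenantId);
}

public class TenantSamlConfigurationResolver : AbstractSamlConfigurationResolver
{
    private readonly ITenantSamlStore _store;
    public TenantSamlConfigurationResolver(ITenantSamlStore store) => _store = store;

    // Assumption: this application only ever acts as a service provider.
    public override Task<bool> IsLocalServiceProviderAsync(string configurationName) => Task.FromResult(true);
    public override Task<bool> IsLocalIdentityProviderAsync(string configurationName) => Task.FromResult(false);

    public override async Task<LocalServiceProviderConfiguration>
        GetLocalServiceProviderConfigurationAsync(string configurationName)
    {
        var tenantId = RequireTenant(configurationName);
        return await _store.FindLocalSpAsync(tenantId)
            ?? throw new InvalidOperationException($"No SP configuration for tenant '{tenantId}'.");
    }

    public override async Task<PartnerIdentityProviderConfiguration>
        GetPartnerIdentityProviderConfigurationAsync(string configurationName, string partnerName)
    {
        // Key the lookup on (tenant, IdP name) so one tenant can never resolve another tenant's IdP.
        var tenantId = RequireTenant(configurationName);
        return await _store.FindPartnerIdpAsync(tenantId, partnerName)
            ?? throw new InvalidOperationException($"IdP '{partnerName}' is not configured for tenant '{tenantId}'.");
    }

    public override Task<IList<string>> GetPartnerIdentityProviderNamesAsync(string configurationName)
        => _store.ListPartnerIdpNamesAsync(RequireTenant(configurationName));

    // Fail closed: never fall back to a default tenant when no configuration name was supplied.
    private static string RequireTenant(string configurationName)
        => string.IsNullOrWhiteSpace(configurationName)
            ? throw new InvalidOperationException("No tenant (configuration name) set for this SSO request.")
            : configurationName;
}
```

Because the store is queried each time the library asks for configuration, updates written to the database take effect on the next SSO request without reloading anything; any caching added inside the store should be keyed by tenant as well.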