Component Space Integration with Azure

Hello,

Currently I have our application being connected to by various clients using ADFS2. However, I now have a client that would like to connect using Azure.

In the past I have provided a certificate and Assertion Consumer Service URL. But this client tells me they have no way to import the certificate into their setup.

Is it possible to have them SSO into our app using Azure? Will the ADFS config setup work? Do I need to provide them anything else besides a certificate from my side?

Any assistance is much appreciated.

Thanks Again,

Adam

Hi Adam
Azure AD is supported although the configuration is different from ADFS.
They won’t require your certificate as the SAML authn request doesn’t have to be signed.
I suggest you ask them for their SAML metadata. This is referred to as the Federation Metadata in Azure AD.
You can then update your code or configuration as required.
You’re welcome to email us at support@componentspace.com the SAML metadata they send you as well as your existing SAML configuration and we can assist with the required updates.

[quote]
ComponentSpace - 6/19/2017
Hi Adam
Azure AD is supported although the configuration is different from ADFS.
They won't require your certificate as the SAML authn request doesn't have to be signed.
I suggest you ask them for their SAML metadata. This is referred to as the Federation Metadata in Azure AD.
You can then update your code or configuration as required.
You're welcome to email us at support@componentspace.com the SAML metadata they send you as well as your existing SAML configuration and we can assist with the required updates.
[/quote]

Thanks for the reply,

- Is the only code change I will need to make on my end skipping the decryption of the authn request? Is everything else the same?

More importantly, how do I skip the certificate decryption? Right now I'm using the method "SAMLServiceProvider.ReceiveSSO()". Is there a flag to skip the certificates or is it pure config file?

- Do I need to make any changes to my SAML.config file (currently set up for ADFS)?

Please provide me as much information as possible as I am trying to get this out ASAP and there is a bit of a time difference.


If only a config change is needed can you update the below with what is needed.


<?xml version="1.0"?>

<ServiceProvider Name="xxx.com"
    AssertionConsumerServiceUrl="xxx/AssertionConsumerService.aspx"
    LocalCertificateFile="xxx.pfx"
    LocalCertificatePassword="xxx"/>

<PartnerIdentityProvider Name="https://xxx/"
    SignAuthnRequest="true"
    SignLogoutRequest="true"
    WantSAMLResponseSigned="false"
    WantAssertionSigned="true"
    WantAssertionEncrypted="true"
    WantLogoutResponseSigned="true"
    UseEmbeddedCertificate="true"
    ClockSkew="00:03:00"
    SingleSignOnServiceBinding="xxx"
    SingleSignOnServiceUrl="https://xxx"
    SingleLogoutServiceUrl="https://xxx"
    NameIDFormat="xxx"/>






Thanks Again,

Adam


Hi Adam
It should be just a configuration change without having to change your code.
You will need to add a <PartnerIdentityProvider> entry for your Azure AD instance.
If you could supply me with the Azure AD SAML metadata I can provide you with the exact configuration.
However, your configuration will be similar to that of the ExampleServiceProvider.
I’ve included the entry below from the ExampleServiceProvider that we used for our internal testing.
This information is retrieved from the Azure AD SAML metadata which is available through the Azure admin console.
You should ask the IdP to supply you with their SAML metadata.


<PartnerIdentityProvider Name="https://sts.windows.net/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/"
    Description="Azure AD"
    SignLogoutRequest="true"
    WantSAMLResponseSigned="false"
    WantAssertionSigned="true"
    WantLogoutResponseSigned="true"
    SignatureMethod="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
    SingleSignOnServiceUrl="https://login.microsoftonline.com/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/saml2"
    SingleLogoutServiceUrl="https://login.microsoftonline.com/f2f933ec-d7c9-433f-8926-d3a0732a7dcf/saml2"
    PartnerCertificateFile="Certificates\azure.cer"/>