ComponentSpace.SAML2.Claims - want to generate claimPrincipal for Federation Authentication

Hi,
I am evaluating ComponentSpace for .NET for my organisation and need to implement Federation Authentication after IOP SSO.
I am trying to implement the same as described in this forum post: https://www.componentspace.com/Forums/9060/Get-more-claims. I found that the SamlFactory namespace is only in .NET Core and not in .NET. Please correct me if I am wrong. Please let me know how I could implement the same using the .NET library.

Thanks

The ISamlClaimFactory is part of the SAML middleware support for ASP.NET Core. There isn't an equivalent in the product for ASP.NET.
The SAMLServiceProvider.ReceiveSSO API returns the SAML Name ID and SAML attributes. Your application can use these however you wish. If you’re using OWIN/Microsoft Identity, you can set claims for the user using the SAML attribute values. The following code from the MvcExampleServiceProvider project demonstrates this.


public ActionResult AssertionConsumerService()
{
    // Receive and process the SAML assertion contained in the SAML response.
    // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
    bool isInResponseTo;
    string partnerName;
    string authnContext;
    string userName;
    IDictionary<string, string> attributes;
    string relayState;

    SAMLServiceProvider.ReceiveSSO(
        Request,
        out isInResponseTo,
        out partnerName,
        out authnContext,
        out userName,
        out attributes,
        out relayState);

    // Automatically provision the user.
    // If the user doesn't exist locally then create the user.
    // Automatic provisioning is an optional step.
    // The generic type arguments are the ASP.NET Identity manager types registered with OWIN.
    var applicationUserManager = HttpContext.GetOwinContext().Get<ApplicationUserManager>();
    var applicationUser = applicationUserManager.FindByName(userName);

    if (applicationUser == null)
    {
        applicationUser = new ApplicationUser();

        applicationUser.UserName = userName;
        applicationUser.Email = userName;
        applicationUser.EmailConfirmed = true;

        // Only the SAML attributes the application expects are copied onto the local user as claims.
        if (attributes.ContainsKey(ClaimTypes.GivenName))
        {
            applicationUser.Claims.Add(new IdentityUserClaim() { ClaimType = ClaimTypes.GivenName, ClaimValue = attributes[ClaimTypes.GivenName], UserId = applicationUser.Id });
        }

        if (attributes.ContainsKey(ClaimTypes.Surname))
        {
            applicationUser.Claims.Add(new IdentityUserClaim() { ClaimType = ClaimTypes.Surname, ClaimValue = attributes[ClaimTypes.Surname], UserId = applicationUser.Id });
        }

        var identityResult = applicationUserManager.Create(applicationUser);

        if (!identityResult.Succeeded)
        {
            throw new Exception(string.Format("The user {0} couldn't be created.\n{1}", userName, identityResult));
        }
    }

    // Automatically login using the asserted identity.
    var applicationSignInManager = HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
    applicationSignInManager.SignIn(applicationUser, false, false);

    // Redirect to the target URL if any.
    // Url.IsLocalUrl rejects absolute URLs, so a RelayState value cannot be used as an open redirect.
    if (!string.IsNullOrEmpty(relayState) && Url.IsLocalUrl(relayState))
    {
        return Redirect(relayState);
    }

    return RedirectToAction("Index", "Home");
}



We don’t place any restrictions on how your application uses the SAML Name ID and SAML attributes to authenticate the user. You can use OWIN as demonstrated above, web forms authentication as demonstrated by the ExampleServiceProvider project, or any custom authentication mechanism you choose.
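The reply above shows claims being stored on a provisioned ASP.NET Identity user. For applications that do not want a local user store, the following added example (not ComponentSpace's code and not from the MvcExampleServiceProvider project) does what an ISamlClaimFactory would do in ASP.NET Core: it maps the SAML Name ID and an allow-list of SAML attributes onto a ClaimsIdentity and signs it in through the OWIN authentication manager. It assumes the SAMLServiceProvider.ReceiveSSO signature shown in the reply and the ComponentSpace.SAML2 namespace; the SamlClaimsFactory class, the CreateIdentity method and the "urn:example:saml:partner" claim type are hypothetical names chosen for this example.

```csharp
// Added example: claims-factory style mapping for ASP.NET/OWIN (hypothetical names).
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using ComponentSpace.SAML2;        // assumed namespace of SAMLServiceProvider
using Microsoft.AspNet.Identity;
using Microsoft.Owin.Security;

public static class SamlClaimsFactory
{
    // Allow-list: only SAML attributes named here become claims on the local identity.
    // Anything else the IdP sends is ignored rather than copied into the session.
    private static readonly IDictionary<string, string> AttributeToClaimType =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { ClaimTypes.GivenName, ClaimTypes.GivenName },
            { ClaimTypes.Surname,   ClaimTypes.Surname },
            { ClaimTypes.Email,     ClaimTypes.Email },
        };

    public static ClaimsIdentity CreateIdentity(string userName, string partnerName, IDictionary<string, string> attributes)
    {
        // The Name ID is the authenticated subject; refuse to build an identity without it.
        if (string.IsNullOrWhiteSpace(userName))
            throw new ArgumentException("SAML Name ID is required.", nameof(userName));

        var identity = new ClaimsIdentity(DefaultAuthenticationTypes.ApplicationCookie);
        identity.AddClaim(new Claim(ClaimTypes.Name, userName));
        identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, userName));

        // Record which partner IdP asserted the identity; useful for auditing and authorization decisions.
        identity.AddClaim(new Claim("urn:example:saml:partner", partnerName ?? string.Empty));

        foreach (var entry in AttributeToClaimType)
        {
            string value;
            if (attributes != null && attributes.TryGetValue(entry.Key, out value) && !string.IsNullOrEmpty(value))
                identity.AddClaim(new Claim(entry.Value, value));
        }

        return identity;
    }
}

public class SamlController : Controller
{
    public ActionResult AssertionConsumerService()
    {
        bool isInResponseTo;
        string partnerName;
        string authnContext;
        string userName;
        IDictionary<string, string> attributes;
        string relayState;

        // Signature as shown in the reply above (assumed).
        SAMLServiceProvider.ReceiveSSO(
            Request,
            out isInResponseTo,
            out partnerName,
            out authnContext,
            out userName,
            out attributes,
            out relayState);

        var identity = SamlClaimsFactory.CreateIdentity(userName, partnerName, attributes);

        // Sign in with a session cookie carrying the mapped claims; no local user record is required.
        IAuthenticationManager authentication = HttpContext.GetOwinContext().Authentication;
        authentication.SignIn(new AuthenticationProperties { IsPersistent = false }, identity);

        // Follow RelayState only when it is a local URL, so it cannot be turned into an open redirect.
        if (!string.IsNullOrEmpty(relayState) && Url.IsLocalUrl(relayState))
            return Redirect(relayState);

        return RedirectToAction("Index", "Home");
    }
}
```

The allow-list is the deliberate design choice here: because the IdP controls the attribute statement, copying every attribute into the identity would let the partner inject arbitrary claim types into the application's authorization decisions. Mapping only named attributes keeps that surface to the claims the application actually uses.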