Federation SP Server / ASP .Net

Hey been in the IT space a while, but new to Web Development.
Currently helping my wife’s small business.

They have an ASP.NET Web App that uses MembershipProvider to authenticate users.
There is a client who uses their Web App that wants us to use / configure SP initiated SSO via SAML2, using the client as the ID Provider (they already have ID Provider setup)

I am looking to use the ComponentSpace SAML2 component to create the AuthnRequest back to the client IDP.
The question I have is do I need a Federated SP Server?
Or
Do I just update the WebApp using the ComponentSpace library SP API and away I go?

Trying to sketch out what this looks like and if I need a federated SP server, is there a 3rd party company that provides that service that I can leverage / interface with (recommendations)?

The developer guide has the following for SP Init SSO, but I’ve gotten confused as everything I read online suggests setting up a Federated SP Server to interface with their Federated IDP Server

1. The user browses to the SP site.
2. The user attempts to access a protected page requiring the user to be authenticated.
3. The SP sends an authentication request to the IdP’s SSO service endpoint.
4. If the user is not already authenticated at the IdP, the user must present their credentials and login.
5. The IdP sends a SAML response containing a SAML assertion to the SP.
6. The SP uses the information contained in the SAML assertion, including the user’s name and any associated attributes, and performs an automatic login.

Any additional filler or the topology / architecture that is required or expanding on the data flow would greatly be appreciated.

Boyd

Hey there Boyd,
In order to support SSO in your application, you just need to use ComponentSpace's library. You can find high and low level API examples (as they call it) in the installation directory of ComponentSpace's library.

There’s no requirement for a separate federation server.
Your application will act as the service provider by calling into our SAML API to provide the SAML support.
Your application, acting as the service provider, and the client’s identity provider are the only applications involved in the SAML SSO flow.
I recommend taking a look at section 10.1 of our Developer Guide PDF which describes ExampleServiceProvider and associated ExampleIdentityProvider projects.
You’ll find these under the Examples\SSO\HighLevelAPI\WebForms folder.
It’s a good idea to run these two projects from the Visual Studio debugger to see SAML SSO in action.
There are equivalent MVC examples described in section 10.2 and under the Examples\SSO\HighLevelAPI\MVC folder.
The ExampleServiceProvider calls SAMLServiceProvider.InitiateSSO to create and send a SAML authn request to the partner identity provider.
The identity provider will authenticate the user and return a SAML response.
The ExampleServiceProvider calls SAMLServiceProvider.ReceiveSSO to receive and process the SAML response.
The returned user identity information is used to automatically log in the user at the service provider.
Your application will need to make the same two SAML API calls.
The SAML API makes use of SAML configuration information about the local service provider and partner identity provider(s).
This includes the target URL for the authn request, the identity provider certificate for verifying XML signatures, etc.
The ExampleServiceProvider stores its SAML configuration in a saml.config file.
Your application would need to provide similar SAML configuration but specific to your environment.
The simplest way to do this is by using a saml.config file.
If you need assistance setting up your saml.config you’re welcome to contact support@componentspace.com.
Hopefully that’s enough to get you started but please feel free to ask any questions you might have either through the forums or by email.
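
The two calls described in the reply above, placed in a Web Forms application that already authenticates through MembershipProvider. This is an added example, not ComponentSpace's sample code and not part of the original posts. The page names, the `PartnerIdP` appSettings key, the use of forms authentication, and the exact `ReceiveSSO` out-parameter list are assumptions; check the parameter list against the Developer Guide for the installed library version.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Configuration;
using System.Web.Security;
using ComponentSpace.SAML2;

// Code-behind of the page that starts SP-initiated SSO (hypothetical page name).
public partial class SsoLogin : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // "PartnerIdP" is a hypothetical appSettings key naming the IdP entry in saml.config.
        string partnerIdP = WebConfigurationManager.AppSettings["PartnerIdP"];
        // The return URL travels as relay state and comes back as targetUrl.
        SAMLServiceProvider.InitiateSSO(Response, Request.QueryString["ReturnUrl"], partnerIdP);
    }
}

// Code-behind of the assertion consumer service page that receives the SAML response.
public partial class AssertionConsumerService : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        bool isInResponseTo;
        string partnerIdP, authnContext, userName, targetUrl;
        IDictionary<string, string> attributes;
        // Assumed overload. Processing uses the partner IdP settings in saml.config.
        SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP,
            out authnContext, out userName, out attributes, out targetUrl);

        // Log in only identities that already exist, approved and unlocked, in the local store.
        MembershipUser user = string.IsNullOrEmpty(userName) ? null : Membership.GetUser(userName);
        if (user == null || !user.IsApproved || user.IsLockedOut)
        {
            Response.StatusCode = 403;
            return;
        }
        FormsAuthentication.SetAuthCookie(user.UserName, false);
        Response.Redirect(IsLocalPath(targetUrl) ? targetUrl : "~/", false);
    }

    // Accept only site-relative paths so relay state cannot send the browser off-site.
    private static bool IsLocalPath(string url)
    {
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }
}
```

Mapping the asserted name onto an existing membership account, rather than creating a session for whatever name arrives, keeps the client's IdP from granting access to accounts the application has not provisioned.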