Hi,
One of my client does not want to upgrade to new dll but want to use SSO for multi-tenants. How can I load configuration for multi-tenants like we can do using latest dll?
Using latest dll:
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
samlConfiguration.LocalServiceProviderConfiguration = new LocalServiceProviderConfiguration
{
Name = “<a href=“http://tenant-1”,”>http://tenant-1",
AssertionConsumerServiceUrl = “~/SAML/AssertionConsumerService”,
LocalCertificateFile = “path to certificate”,
LocalCertificatePassword = “password”
};
samlConfiguration.AddPartnerIdentityProvider(new PartnerIdentityProviderConfiguration
{
Name = “<a href=“http://sts.someserver.com/adfs/services/trust",">http://sts.someserver.com/adfs/services/trust”,
SignAuthnRequest = true,
WantSAMLResponseSigned = false,
WantAssertionSigned = false,
WantAssertionEncrypted = false,
UseEmbeddedCertificate = false,
SingleSignOnServiceUrl = “<a href=“https://sts.someserver.com/adfs/ls/””>https://sts.someserver.com/adfs/ls/”
});
SAMLController.Configurations[“tenant-1”] = samlConfiguration;
Thanks,
Muhammad Masood
Hi Muhammad
If you’re using an old version of the SAML2 DLL then instead of SAMLController.Configurations you will find a SAMLConfiguration.Configurations property that you should set.
Hi,
I changed my code to use SAMLConfiguration but now I am getting An X.509 certificate manager is not configure.
How can I configure it?
Thanks,
Muhammad Masood
Did you want to configure a custom certificate manager?
If so, there’s a CertificateManager property on the SAMLConfiguration class. This is with the older SAML2 DLL.
In more recent versions we refactored this code and created a SAMLController with similar properties rather than having a CertificateManager property off the SAMLConfiguration.
If you are not using a custom certificate manager and you’re getting an error, please enable SAML trace and send the log file to our support email address mentioning this forum post.
If so, there's a CertificateManager property on the SAMLConfiguration class. This is with the older SAML2 DLL.
In more recent versions we refactored this code and created a SAMLController with similar properties rather than having a CertificateManager property off the SAMLConfiguration.
If you are not using a custom certificate manager and you're getting an error, please enable SAML trace and send the log file to our support email address mentioning this forum post.
Below is the configuration I am loading:
SAMLConfiguration samlConfig = new SAMLConfiguration();
samlConfig.ServiceProviderConfiguration = new ServiceProviderConfiguration
{
Name = "https://tenant-1",
AssertionConsumerServiceUrl = "~/Sso/SAML/AssertionConsumerService",
CertificateFile = "sp.pfx",
CertificatePassword = "password"
};
samlConfig.AddPartnerIdentityProvider(new PartnerIdentityProviderConfiguration
{
Name = "http://adfs.server/adfs/services/trust",
SignAuthnRequest = true,
WantSAMLResponseSigned = false,
WantAssertionSigned = true,
WantAssertionEncrypted = true,
UseEmbeddedCertificate = true,
SingleSignOnServiceUrl = "https://adfs.server/adfs/ls/",
SignatureMethod = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"
});
SAMLConfiguration.Configurations["coles"] = samlConfig;
I have also sent a sp.log file to support email.
Thanks,
Muhammad Masood
Thanks Muhammad for sending the log.
You need to do the following;
using ComponentSpace.SAML2.Certificates;
SAMLConfiguration.CertificateManager = new CertificateManager(samlConfig);
This is required for the old SAML2 DLL you are using. Newer versions do this automatically.