Good day All,
I am using ComponentSpace as a Service Provider to establish SAML2 Single Sign On to my for my clients. The clients use their own identity providers to authenticate and gain access to my MVC5 web application. The issue I am having is that when a client wants to update their X509 certificate files I update the physical files dynamically, but I have to do an IIS reset to get the new certificate files to be used. How can I avoid having to do an IIS reset and get ComponentSpace to use the new X509 certificate files when authenticating. An example of my code is below.
var samlConfiguration = new
ComponentSpace.SAML2.Configuration.SAMLConfiguration();
var ssoUrl = “<a href=“https://www.ssoUrl/Consumer";">https://www.ssoUrl/Consumer”;
var ssoName =”<a href=“https://www.ssoName”;“>https://www.ssoName”;
var localServiceProviderConfiguration = new LocalServiceProviderConfiguration()
{
Name = ssoName,
AssertionConsumerServiceUrl = ssoUrl
};
samlConfiguration.LocalServiceProviderConfiguration = localServiceProviderConfiguration ;
var certNamePrimary = ConfigurationManager.AppSettings[“Certificate_Path”] + “cert-A.cer”;
var certNameSecondary = ConfigurationManager.AppSettings[“Certificate_Path”] + “cert-B.cer”;
var partnerIdentityProviderConfiguration = new
ComponentSpace.SAML2.Configuration.PartnerIdentityProviderConfiguration()
{
Name = clientConfig.PartnerIdPName,
SingleSignOnServiceUrl = clientConfig.IdPSingleSignOnServiceURL,
SignAuthnRequest = false,
WantSAMLResponseSigned = false,
WantAssertionEncrypted = false,
WantAssertionSigned = true,
PartnerCertificateFile = certNamePrimary ,
SecondaryPartnerCertificateFile = certNameSecondary
};
samlConfiguration.PartnerIdentityProviderConfigurations.AddPartnerIdentityProvider(partnerIdentityProviderConfiguration );
if (ComponentSpace.SAML2.SAMLController.Configurations.Keys.Contains(ssoUrl))
{
ComponentSpace.SAML2.SAMLController.Configurations.Remove(ssoUrl);
ComponentSpace.SAML2.SAMLController.Configurations.Add(ssoUrl, samlConfiguration);
}
else
ComponentSpace.SAML2.SAMLController.Configurations.Add(ssoUrl, samlConfiguration);
ComponentSpace.SAML2.SAMLController.ConfigurationID = ssoUrl;
SAMLServiceProvider.InitiateSSO(Response, null, "<a href=“http://company.com/adfs/services/trust");">http://company.com/adfs/services/trust”);
For performance reasons, we cache certificates in memory.
If certificates change relatively infrequently, which typically is the case, then it makes sense to cache them for the performance improvement.
We could add the option of not caching the certificates so an application restart isn’t required if you update a certificate.
However you would then take a performance hit.
If this is an enhancement you’d like to see added to the product, you’re welcome to contact us at support@componentspace.com to discuss your requirements further.