How to change PartnerServiceProviderConfigurations dynamically before SSO and SLO

Hi Team ,

I’m using ComponentSpace.Saml2 4.10.0 (Licensed).
I have a scenario of 1 SP and multiple IdPs. On a request from a customer to my ssorequest controller I want to pick the correct PartnerServiceProviderConfigurations from the database and call the _samlServiceProvider.InitiateSsoAsync() method, so the customer can be redirected to the IdP site accordingly.

However, injecting the SAML configuration in the startup method will be too early in my case because I don't have the customerId yet.
I went through the documentation and the ExampleServiceProvider example as well, but did not get much clarity on how to use CustomConfigurationResolver and ConfigureSaml mentioned in ConfigurationExamples:
1. builder.Services.AddSaml(config => ConfigurationExamples.ConfigureSaml(config));
The problem is that ConfigureSaml is a static method, where I could not write my DB operation to get the details of the customer's identity provider.
2. builder.Services.AddSaml().AddConfigurationResolver();
builder.Services.AddTransient<ISamlConfigurationResolver, CustomConfigurationResolver>();

I injected the ISamlConfigurationResolver dependency in my controller and tried to call the GetPartnerIdentityProviderConfigurationAsync() method, but it does not get called and the debugger goes into the SAML package instead of my custom written code.


Looking for support on how I can use ISamlConfigurationResolver from my controller's action method to update PartnerServiceProviderConfigurations for the current context.

Please guide .

Awaiting someone's support.



I think you mean you want to pick the correct PartnerIdentityProviderConfiguration rather than PartnerServiceProviderConfiguration.

If I understand correctly, you know each PartnerIdentityProviderConfiguration at application start-up. You simply want to select the correct PartnerIdentityProviderConfiguration to use in your ssorequest controller.

The method _samlServiceProvider.InitiateSsoAsync’s first argument is the partnerName. This specifies which partner IdP to initiate SSO to. The partnerName must match with one of the PartnerServiceProviderConfiguration.Name properties. For example, if your SAML configuration included ten PartnerIdentityProviderConfiguration items with names IdP1 to IdP10, the partnerName would be set to IdP5 if you wished to initiate SSO to this IdP.

There is no need to change the SAML configuration in your controller and, in fact, it’s better to not do so.

The customerId you mentioned could be the partnerName if there’s a direct mapping. Otherwise, your application would have a mapping of customer IDs to PartnerIdentityProviderConfiguration Names.

The above is true regardless of whether SAML configuration is included in appsettings.json, set through a ConfigureSaml delegate, or via a custom ISamlConfigurationResolver implementation.

[quote]
ComponentSpace - 1/19/2024
I think you mean you want to pick the correct PartnerIdentityProviderConfiguration rather than PartnerServiceProviderConfiguration.

If I understand correctly, you know each PartnerIdentityProviderConfiguration at application start-up. You simply want to select the correct PartnerIdentityProviderConfiguration to use in your ssorequest controller.

The method _samlServiceProvider.InitiateSsoAsync's first argument is the partnerName. This specifies which partner IdP to initiate SSO to. The partnerName must match with one of the PartnerServiceProviderConfiguration.Name properties. For example, if your SAML configuration included ten PartnerIdentityProviderConfiguration items with names IdP1 to IdP10, the partnerName would be set to IdP5 if you wished to initiate SSO to this IdP.

There is no need to change the SAML configuration in your controller and, in fact, it's better to not do so.

The customerId you mentioned could be the partnerName if there's a direct mapping. Otherwise, your application would have a mapping of customer IDs to PartnerIdentityProviderConfiguration Names.

The above is true regardless of whether SAML configuration is included in appsettings.json, set through a ConfigureSaml delegate, or via a custom ISamlConfigurationResolver implementation.
[/quote]

Hi ,

You are correct, I meant to say to load PartnerIdentityProviderConfiguration dynamically as per the customer id.
But I could not load the SAML configuration at start-up, as I have the full list of PartnerIdentityProviderConfiguration in my database. Also, in my application we are not using Entity Framework; I'm doing DB calls with inline queries and stored procedures.

However, can you help me with an example (sample code) to implement the ISamlConfigurationResolver interface?
I went through the example provided in your sample project and the documentation as well, but there is no clarity on how to consume ISamlConfigurationResolver through a custom controller.

Problem 1 - ConfigureSaml() is a static method in the provided example, where I could not use my non-static method to make a DB call to read SAML configurations.
Problem 2 - I tried to use CustomConfigurationResolver as given in the example, but when I tried to call GetPartnerIdentityProviderConfigurationAsync I found my custom code is not executed; instead the debugger goes into the SAML DLL. In the example there is no clarity on how to use CustomConfigurationResolver and call GetPartnerIdentityProviderConfigurationAsync() from my custom controller.

Please guide.


I’m not sure why the SAML configuration cannot be loaded at start-up if you wished to do this.

The AddSaml overload you’re referring to takes an Action delegate. The ConfigureSaml static method is an example of this delegate. I’m not sure why you need a non-static method to access the database.

However, rather than using a delegate, our recommendation is to implement the ISamlConfigurationResolver interface when the configuration is stored in a database. The application code doesn’t call GetPartnerIdentityProviderConfigurationAsync etc. Instead, these methods are called by the SAML library when specific configuration is required. For example, when processing a SAML response from a particular partner IdP, we’ll call GetPartnerIdentityProviderConfigurationAsync specifying the specific partner IdP name and the implementation should return the PartnerIdentityProviderConfiguration for this IdP.

The example ConfigurationResolver we include returns hard-coded configuration. Your implementation would read the configuration from your database. We ship a SamlDatabaseConfigurationResolver that stores configuration in an EntityFramework database. However, there are no restrictions on how you implement ISamlConfigurationResolver. The configuration may be stored in a relational database or whatever you like.

I suggest changing the ExampleServiceProvider project to use the included ISamlConfigurationResolver implementation and set breakpoints on each of the methods to understand how this works.

Just to re-emphasize, the application doesn’t call the ISamlConfigurationResolver implementation. Instead, this is called by the SAML library as and when specific configuration is required.
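An added example of the pattern described in the reply above (not ComponentSpace's own code and not posted in this thread): a resolver that loads one PartnerIdentityProviderConfiguration per partner name from SQL Server with Microsoft.Data.SqlClient, and the ssorequest action that maps customerId to partnerName on the server before calling InitiateSsoAsync. The interface method signature, the namespaces and configuration property names (as I recall them from the ComponentSpace configuration classes), the PartnerIdentityProviders table and the ICustomerDirectory lookup are assumptions to verify against the installed 4.10.0 package; C# 12 primary constructors are used for brevity.

```csharp
using System.Collections.Generic;
using System.Threading.Tasks;
using ComponentSpace.Saml2;
using ComponentSpace.Saml2.Configuration;
using ComponentSpace.Saml2.Configuration.Resolver;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Data.SqlClient;

// Registered with AddSaml().AddConfigurationResolver() + AddTransient<ISamlConfigurationResolver, ...>;
// the SAML library calls these methods itself whenever it needs configuration, the application never does.
public class DatabaseConfigurationResolver(string connectionString) : ISamlConfigurationResolver
{
    public async Task<PartnerIdentityProviderConfiguration> GetPartnerIdentityProviderConfigurationAsync(
        string configurationName, string partnerName)
    {
        // Parameterised query: partnerName arrives from the SAML flow, so it is never concatenated into SQL.
        const string sql = "SELECT Name, SingleSignOnServiceUrl, SingleLogoutServiceUrl, SigningCertificateBase64 "
                         + "FROM PartnerIdentityProviders WHERE Name = @Name";   // hypothetical table
        await using var connection = new SqlConnection(connectionString);
        await using var command = new SqlCommand(sql, connection);
        command.Parameters.AddWithValue("@Name", partnerName);
        await connection.OpenAsync();
        await using var reader = await command.ExecuteReaderAsync();
        if (!await reader.ReadAsync())
            return null;   // unknown partner: the library rejects it instead of falling back to a default IdP
        return new PartnerIdentityProviderConfiguration
        {
            Name = reader.GetString(0),
            SingleSignOnServiceUrl = reader.GetString(1),
            SingleLogoutServiceUrl = reader.IsDBNull(2) ? null : reader.GetString(2),
            // The IdP's signing certificate is the trust anchor for this partner; keep it in the same row
            // and require signatures so a forged response cannot pass as this IdP's.
            PartnerCertificates = new List<Certificate> { new Certificate { String = reader.GetString(3) } },
            WantSamlResponseSigned = true,
            WantAssertionSigned = true,
        };
    }
    // The other ISamlConfigurationResolver members (local SP/IdP configuration, IsLocal*Async, name lists) follow the same pattern.
}

public class SsoRequestController(ISamlServiceProvider samlServiceProvider, ICustomerDirectory customers) : Controller
{
    // customerId comes from the request, but the IdP is chosen by a server-side mapping (ICustomerDirectory is hypothetical).
    public async Task<IActionResult> SsoRequest(string customerId)
    {
        var partnerName = await customers.GetPartnerNameAsync(customerId);
        if (partnerName is null) return NotFound();
        await samlServiceProvider.InitiateSsoAsync(partnerName);   // must equal a PartnerIdentityProviderConfiguration.Name
        return new EmptyResult();   // the library has already written the redirect to the IdP
    }
}
```

Set a breakpoint inside GetPartnerIdentityProviderConfigurationAsync and start SSO: it is hit from inside the library's InitiateSsoAsync call, not from your controller.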


Your insight is right and useful for me :slightly_smiling_face: