Hi,
We use the ComponentSpace identity provider (IdP) to interoperate with SAML service providers (SPs), and our logic needs the partner SP name for each SSO flow inside each of the functions below:
SingleSignOnServiceCompletion()
CompleteSsoAsync()
Note that I can already obtain the SP name in a different function, SingleSignOnService(), where these two lines work:
IdpSsoResult result = await _samlIdentityProvider.ReceiveSsoAsync();
string sp = result.PartnerName;
How can I obtain the same value in the two functions listed above? They refer to the following code:
======================
using ComponentSpace.Saml2;
using ComponentSpace.Saml2.Assertions;
using ExampleIdentityProvider.Data;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Security.Claims;
using System.Threading.Tasks;
namespace ExampleIdentityProvider.Controllers
{
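public class SamlController : Controller
{
    // TempData key under which the partner SP name is carried from the request that
    // received the authn request (SingleSignOnService) to the request that sends the
    // SAML response (CompleteSsoAsync), possibly across an interactive login redirect.
    private const string PartnerNameKey = "Saml.PartnerName";

    private readonly ISamlIdentityProvider _samlIdentityProvider;

    // NOTE(review): the generic argument was lost in the forum paste; the example
    // project's user type from ExampleIdentityProvider.Data is assumed here — confirm.
    private readonly SignInManager<ApplicationUser> _signInManager;

    public SamlController(ISamlIdentityProvider samlIdentityProvider, SignInManager<ApplicationUser> signInManager)
    {
        _samlIdentityProvider = samlIdentityProvider;
        _signInManager = signInManager;
    }

    /// <summary>
    /// SP-initiated SSO endpoint. Receives the authn request, records which partner SP
    /// sent it, then either completes SSO immediately (user already signed in at the IdP)
    /// or sends the user through login first via <see cref="SingleSignOnServiceCompletion"/>.
    /// </summary>
    public async Task<IActionResult> SingleSignOnService()
    {
        // Receive the authn request from the service provider (SP-initiated SSO).
        // The result is the only place the partner name is exposed for this flow.
        var ssoResult = await _samlIdentityProvider.ReceiveSsoAsync();

        // Remember the originating SP for CompleteSsoAsync. TempData is protected by the
        // Data Protection API (cookie provider by default) and unread keys survive the
        // login round-trip. Do NOT pass the name through a query string on the redirect:
        // a browser-controlled value must never decide which SP the IdP issues an
        // assertion for or which attributes it releases.
        TempData[PartnerNameKey] = ssoResult.PartnerName;

        // If the user is logged in at the identity provider, complete SSO immediately.
        // Otherwise have the user login before completing SSO.
        if (User.Identity?.IsAuthenticated == true)
        {
            await CompleteSsoAsync();
            return new EmptyResult();
        }

        return RedirectToAction(nameof(SingleSignOnServiceCompletion));
    }

    /// <summary>
    /// Second leg of SP-initiated SSO, reached after the user has authenticated at the IdP.
    /// [Authorize] guarantees an identity; the pending authn request and the partner name
    /// stored by <see cref="SingleSignOnService"/> are picked up in <see cref="CompleteSsoAsync"/>.
    /// </summary>
    [Authorize]
    public async Task<IActionResult> SingleSignOnServiceCompletion()
    {
        await CompleteSsoAsync();
        return new EmptyResult();
    }

    /// <summary>
    /// Single logout endpoint for both directions of SLO.
    /// A request means a partner SP initiated logout; a response means the IdP initiated it.
    /// </summary>
    public async Task<IActionResult> SingleLogoutService()
    {
        // Receive the single logout request or response.
        var sloResult = await _samlIdentityProvider.ReceiveSloAsync();

        if (sloResult.IsResponse)
        {
            // IdP-initiated SLO: only redirect once every partner has responded.
            if (sloResult.HasCompleted)
            {
                return RedirectToPage("/Index");
            }
        }
        else
        {
            // SP-initiated SLO: log out locally, then acknowledge the request.
            await _signInManager.SignOutAsync();
            await _samlIdentityProvider.SendSloAsync();
        }

        return new EmptyResult();
    }

    /// <summary>
    /// Resolves an HTTP artifact. Only required when the HTTP-Artifact binding is supported.
    /// </summary>
    public async Task<IActionResult> ArtifactResolutionService()
    {
        await _samlIdentityProvider.ResolveArtifactAsync();
        return new EmptyResult();
    }

    /// <summary>
    /// Sends the SAML response (with assertion) for the pending authn request on behalf of
    /// the currently signed-in user. The partner SP name recorded by
    /// <see cref="SingleSignOnService"/> is consumed here and is null for IdP-initiated SSO
    /// or when the stored value is unavailable (e.g. TempData provider not configured).
    /// </summary>
    private async Task CompleteSsoAsync()
    {
        // Name of the user logged in at the identity provider.
        var userName = User.Identity?.Name;

        // Partner SP that originated this SSO flow, read from the trusted store rather
        // than from anything the browser supplied.
        var partnerName = TempData[PartnerNameKey] as string;

        // TODO: apply partner-specific logic here (e.g. choose which attributes to release
        // for partnerName, or audit-log the SP). Keep any such decision keyed off this
        // server-stored value.

        // For demonstration purposes, include some claims. Real values would come from the
        // ClaimsIdentity (FindFirst(ClaimTypes.GivenName) etc.) — guard against a missing claim.
        var attributes = new List<SamlAttribute>
        {
            new SamlAttribute(ClaimTypes.GivenName, "user"),
            new SamlAttribute(ClaimTypes.Surname, "user")
        };

        // Respond to the authn request by sending a SAML response containing a SAML assertion to the SP.
        await _samlIdentityProvider.SendSsoAsync(userName, attributes);
    }
}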
}
The best option is to save the SP name in your application at the point you receive the authn request — the ReceiveSsoAsync() result in SingleSignOnService() is the only place it is available — and retrieve it in SingleSignOnServiceCompletion()/CompleteSsoAsync(). Use a store the browser cannot tamper with (TempData, which is data-protected, or server-side session keyed to the user's session) rather than a query-string parameter on the redirect: a client-controlled value must never decide which SP the IdP issues an assertion for or which attributes it releases.