HTTP Artifact Communication

I was looking into LowLevelApi SP-Initiated SSO (SAML2serviceProvider).
In the IdP, after selecting HTTP-Artifact and logging in, the below function gets called:

IdentityProvider.SendArtifactByHTTPArtifact(Response, ssoState.assertionConsumerServiceURL, httpArtifact, ssoState.relayState, false);

and the SP receives it by calling ReceiveSAMLResponse(…) on page load in AssertionConsumerService.

How is the SAML response sent back to the SP?

If you take a look at the low-level API SAML2ServiceProvider’s SAML/AssertionConsumerService.aspx page, it includes the following code to receive the artifact from the identity provider, send an artifact resolve request via the back channel to the identity provider, and receive the SAML response.


// Receive the artifact.
HTTPArtifact httpArtifact = null;

ServiceProvider.ReceiveArtifactByHTTPArtifact(Request, false, out httpArtifact, out relayState);

// Create an artifact resolve request.
ArtifactResolve artifactResolve = new ArtifactResolve();
artifactResolve.Issuer = new Issuer(CreateAbsoluteURL("~/"));
artifactResolve.Artifact = new Artifact(httpArtifact.ToString());

XmlElement artifactResolveXml = artifactResolve.ToXml();

// Send the artifact resolve request and receive the artifact response.
string spArtifactResponderURL = WebConfigurationManager.AppSettings["idpArtifactResponderURL"];

XmlElement artifactResponseXml = ArtifactResolver.SendRequestReceiveResponse(spArtifactResponderURL, artifactResolveXml);

ArtifactResponse artifactResponse = new ArtifactResponse(artifactResponseXml);

// Extract the SAML response from the artifact response.
samlResponseXml = artifactResponse.SAMLMessage;



The SAML2IdentityProvider’s SAML/ArtifactResponder.aspx page includes the following code to process the artifact resolve request and return the SAML response.


// Receive the artifact resolve request.
XmlElement artifactResolveXml = ArtifactResolver.ReceiveArtifactResolve(Request);
ArtifactResolve artifactResolve = new ArtifactResolve(artifactResolveXml);

// Get the artifact.
HTTPArtifactType4 httpArtifact = new HTTPArtifactType4(artifactResolve.Artifact.ArtifactValue);

// Remove the artifact state from the cache.
HTTPArtifactState httpArtifactState = HTTPArtifactStateCache.Remove(httpArtifact);

if (httpArtifactState == null) {
    Trace.Write("IdP", string.Format("The artifact {0} is not recognized.", artifactResolve.Artifact.ArtifactValue));
    return;
}

// Create an artifact response containing the cached SAML message.
ArtifactResponse artifactResponse = new ArtifactResponse();
artifactResponse.Issuer = new Issuer(CreateAbsoluteURL("~/"));
artifactResponse.SAMLMessage = httpArtifactState.SAMLMessage;

XmlElement artifactResponseXml = artifactResponse.ToXml();

// Send the artifact response.
ArtifactResolver.SendArtifactResponse(Response, artifactResponseXml);
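
The artifact passed over the front channel above is a SAML 2.0 type 0x0004 artifact (hence HTTPArtifactType4). As an added example, not part of the original answer and not ComponentSpace code, the following shows that artifact's byte layout and an SP-side check that its SourceID matches the expected identity provider before the back-channel resolve request is sent. The class, method, and entity ID are hypothetical, and the sample artifact is constructed.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration; Type4ArtifactCheck and its members are hypothetical names.
public static class Type4ArtifactCheck
{
    // Layout: TypeCode(2) | EndpointIndex(2) | SourceID(20) | MessageHandle(20), base64-encoded.
    private const int ArtifactLength = 44;

    public static bool TryParse(string base64Artifact, string expectedIdpEntityId,
                                out int endpointIndex, out byte[] messageHandle)
    {
        endpointIndex = -1;
        messageHandle = null;
        if (string.IsNullOrEmpty(base64Artifact)) return false;

        byte[] raw;
        try { raw = Convert.FromBase64String(base64Artifact); }
        catch (FormatException) { return false; }
        if (raw.Length != ArtifactLength || raw[0] != 0x00 || raw[1] != 0x04) return false;

        // SourceID is the SHA-1 hash of the issuer's entity ID; reject artifacts from any other issuer.
        byte[] expected;
        using (SHA1 sha1 = SHA1.Create())
            expected = sha1.ComputeHash(Encoding.UTF8.GetBytes(expectedIdpEntityId));
        for (int i = 0; i < 20; i++)
            if (raw[4 + i] != expected[i]) return false;

        endpointIndex = (raw[2] << 8) | raw[3];   // big-endian index of the resolver endpoint
        messageHandle = new byte[20];             // opaque one-time reference to the cached message
        Buffer.BlockCopy(raw, 24, messageHandle, 0, 20);
        return true;
    }

    public static void Main()
    {
        // Constructed sample: made-up entity ID, all-zero message handle.
        const string idp = "https://idp.example.test/";
        byte[] raw = new byte[ArtifactLength];
        raw[1] = 0x04;
        using (SHA1 sha1 = SHA1.Create())
            Buffer.BlockCopy(sha1.ComputeHash(Encoding.UTF8.GetBytes(idp)), 0, raw, 4, 20);
        string artifact = Convert.ToBase64String(raw);

        int index; byte[] handle;
        Console.WriteLine(TryParse(artifact, idp, out index, out handle));
        Console.WriteLine(TryParse(artifact, "https://other.example.test/", out index, out handle));
    }
}
```

The artifact carries only a reference to the SAML response, never the response itself. The SAML message travels on the back channel, and the `HTTPArtifactStateCache.Remove` call in the responder code above makes each artifact resolvable once.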