Idp Initiated SSO and send via HTTP POST

I am working on a test application in MVC for IdP-initiated single sign-on integration. I am the IdP.

I have a web app can be used to act as SP: http://billpay.local/sso/msazuretest/account/logon

I have the following questions:

1. If I am using the high-level API to Initiate SSO from IdP, how does it know what SAML.config to use and how to create SAML assertion before sending?
2. Do I need to include both IdP and SP configuration within the SAML.config file? Such as the one below.

<SAMLConfiguration xmlns="urn:componentspace:SAML:2.0:configuration">
  <IdentityProvider 
	Name="TestIdentityProvider"
	Description="Local Test Identity Provider">
    <LocalCertificates>
      <Certificate FileName="Certificates\idp.pfx" Password="123"/>
    </LocalCertificates>
  </IdentityProvider>
  
  <PartnerServiceProviders>
    <PartnerServiceProvider Name="MSAZURETEST"
                      AssertionConsumerServiceUrl="http://billpay.local/sso/msazuretest/account/logon"
                      SingleLogoutServiceUrl="http://billpay.local/sso/msazuretest/account/logout">
		  <PartnerCertificates>
			  <Certificate FileName="Certificates\sp.cer"/>
		  </PartnerCertificates>
	  </PartnerServiceProvider>
  </PartnerServiceProviders>
</SAMLConfiguration>

3. If I want the assertion to be signed and encrypted using SP public key before sending, what needs to be specified?
4. I would like to retrieve the SAML.config from metadata, how can I do it? What method to use to initiate SSO? Looks like InitiateSSO() method doesn’t allow SAMLConfiguration to be specified.

SAMLIdentityProvider.InitiateSSO(Response, userName, attributes, relayState, assertionConsumerServiceUrl);

Thanks in advance.

Regards,

Thanks in advance.

Regards,
Louie

1. By default we look for a saml.config in the application’s root folder. The call to SAMLIdentityProvider.InitiateSSO creates and sends a SAML response containing a SAML assertion to the specified partner service provider.

2. You need both the <IdentityProvider> and <PartnerServiceProvider> configuration. The former specifies information about your local IdP. The latter specifies information about the partner SP. The Configuration Guide in the documentation folder has more information.

3. By default the SAML assertion is signed but not encrypted. You can specify the SAML assertion is to be encrypted through the<PartnerServiceProvider> configuration. The assertion is signed using the IdP’s local certificate and encrypted using the SP’s partner certificate.

    <PartnerServiceProvider
      Name="MSAZURETEST"
      EncryptAssertion="true"

4. The saml.config and SAML metadata serve different purposes and have different syntaxes. You can import SAML metadata to update a saml.config. The ImportMetadata project under the Examples\Metadata folder demonstrates this. The Metadata Guide in the documentation folder has more information.