IDP Setup

I am trying to create a new IDP service and I have a few questions; I couldn't figure out a solution, though I have gone through the documentation.

a) I want to support only the HTTP-POST binding. ComponentSpace by default supports HTTP-Redirect and HTTP-POST. Is there a way to restrict them, so that if an SP tries to connect through REDIRECT I would throw an exception? I also want my metadata to only show HTTP-POST.
b) Is there any way to inject OrganizationName and NameIdFormat on LocalIdentityProviderConfiguration and expose them through metadata without low-level code?

We don’t support preventing a SAML authn request being sent using HTTP-Redirect. In your app you could check the request type and only call ReceiveSsoAsync if the request is an HTTP Post.

May I ask why you don’t want to support HTTP-Redirect? It’s quite commonly used.

As part of the export process, we do support including the Name ID format in the SAML metadata if this is included in the SAML configuration. However, we don’t support the organization information as this isn’t included in the SAML configuration. You would have to update the SAML metadata separately to include this information.

[quote]
ComponentSpace - 5/30/2022
We don't support preventing a SAML authn request being sent using HTTP-Redirect. In your app you could check the request type and only call ReceiveSsoAsync if the request is an HTTP Post.

May I ask why you don't want to support HTTP-Redirect? It's quite commonly used.

As part of the export process, we do support including the Name ID format in the SAML metadata if this is included in the SAML configuration. However, we don't support the organization information as this isn't included in the SAML configuration. You would have to update the SAML metadata separately to include this information.
[/quote]

About HTTP-Redirect, it was an ask from the client to restrict them.
About NameId format, I couldn't find any property under 'LocalIdentityProviderConfiguration' to set the value. Can you help point me at the right documentation?

Thanks for the information.

The NameIDFormat is under the PartnerServiceProviderConfiguration as it can vary from partner SP to partner SP.

[quote]
ComponentSpace - 5/30/2022
Thanks for the information.

The NameIDFormat is under the PartnerServiceProviderConfiguration as it can vary from partner SP to partner SP.
[/quote]

I agree it varies from SP to SP, but the OASIS metadata definition also has provision for NameIdFormat; do you think we don't have a good way to configure them within LocalIdentityProviderConfiguration?

Here is the reference: SAML MD simplified overview.pdf (oasis-open.org), page 4.

When you call ConfigurationToMetadata.ExportAsync, if you specify an optional partnerName parameter, it will include whatever partner-specific information should be included in the metadata.

So, if you specify the partner SP name and this PartnerServiceProviderConfiguration has a NameIDFormat, this will be included in the generated IdP metadata.
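As an added example (not code from this thread or from ComponentSpace), here is how the two suggestions above fit into one ASP.NET Core controller: the SSO endpoint hands only an HTTP POST to ReceiveSsoAsync, and the metadata endpoint exports for a named partner so that partner's NameIDFormat is included, then post-processes the XML to drop the HTTP-Redirect SingleSignOnService and add the Organization element the export does not provide. The ExportAsync return type and its ToXml() method, the route names and the organization values are assumptions and should be checked against the library version in use.

```csharp
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Xml;
using ComponentSpace.Saml2;                 // ISamlIdentityProvider
using ComponentSpace.Saml2.Metadata.Export; // IConfigurationToMetadata
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;

// Primary constructor (C# 12); both services come from the library's DI registration.
public class SamlController(ISamlIdentityProvider idp, IConfigurationToMetadata export) : Controller
{
    private const string MetadataNs = "urn:oasis:names:tc:SAML:2.0:metadata";
    private const string RedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    // SSO endpoint: a GET carrying SAMLRequest in the query string (HTTP-Redirect) is refused here.
    [Route("SAML/SingleSignOnService")]
    public async Task<IActionResult> SingleSignOnService()
    {
        if (!HttpMethods.IsPost(Request.Method))
            return StatusCode(StatusCodes.Status405MethodNotAllowed);
        var ssoResult = await idp.ReceiveSsoAsync();
        // Authenticate the user here, then complete SSO for ssoResult.PartnerName.
        return RedirectToAction("Login");
    }

    // Metadata endpoint: partner-specific export (includes NameIDFormat), then hand-edit the XML.
    [HttpGet("SAML/Metadata/{partnerName}")]
    public async Task<IActionResult> Metadata(string partnerName)
    {
        var entityDescriptor = await export.ExportAsync(partnerName: partnerName);
        XmlElement xml = entityDescriptor.ToXml(); // assumed: EntityDescriptor -> XmlElement
        // Snapshot the node list first: removing from a live XmlNodeList while iterating is unsafe.
        foreach (var sso in xml.GetElementsByTagName("SingleSignOnService", MetadataNs).Cast<XmlElement>().ToList())
            if (sso.GetAttribute("Binding") == RedirectBinding)
                sso.ParentNode.RemoveChild(sso);
        // md:Organization must follow the role descriptors and precede any md:ContactPerson.
        var org = xml.OwnerDocument.CreateElement("md", "Organization", MetadataNs);
        foreach (var (name, text) in new[] { ("OrganizationName", "Example IdP (placeholder)"),
                 ("OrganizationDisplayName", "Example IdP (placeholder)"), ("OrganizationURL", "https://idp.example.com") })
        {
            var child = xml.OwnerDocument.CreateElement("md", name, MetadataNs);
            child.SetAttribute("lang", "http://www.w3.org/XML/1998/namespace", "en"); // xml:lang="en"
            child.InnerText = text;
            org.AppendChild(child);
        }
        xml.AppendChild(org);
        return File(Encoding.UTF8.GetBytes(xml.OuterXml), "application/samlmetadata+xml", "metadata.xml");
    }
}
```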

[quote]
ComponentSpace - 5/31/2022
When you call ConfigurationToMetadata.ExportAsync, if you specify an optional partnerName parameter, it will include whatever partner-specific information should be included in the metadata.

So, if you specify the partner SP name and this PartnerServiceProviderConfiguration has a NameIDFormat, this will be included in the generated IdP metadata.
[/quote]

That makes sense. Thank you, and I really appreciate your quick response :)

You’re very welcome.