Implementation of SAML2

SAML for ASP.NET
1

I downloaded SAML v2 and I want to implement it with my application. I am SP and I received SAML response from IDP. what do I need to do?

<samlp:Response ID=“_a71cf287-9700-4c42-aa8e-ccb0a5f57621” Version=“2.0” IssueInstant=“2015-03-31T00:11:51.134Z” Destination=“MySiteName”
xmlns:samlp=“urn:oasis:names:tc:SAML:2.0:protocol”>
<saml:Issuer xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>Company Name</saml:Issuer>
<Signature xmlns=“”>http://www.w3.org/2000/09/xmldsig#“>

<CanonicalizationMethod Algorithm=”<a href=“http://www.w3.org/2001/10/xml-exc-c14n#”“>http://www.w3.org/2001/10/xml-exc-c14n#” />
<SignatureMethod Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#rsa-sha1"”>http://www.w3.org/2000/09/xmldsig#rsa-sha1” />


<Transform Algorithm=“<a href=“http://www.w3.org/2000/09/xmldsig#enveloped-signature””>http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
<Transform Algorithm=“”>http://www.w3.org/2001/10/xml-exc-c14n#“>
<InclusiveNamespaces PrefixList=”#default samlp saml ds xs xsi" xmlns=“<a href=“http://www.w3.org/2001/10/xml-exc-c14n#””>http://www.w3.org/2001/10/xml-exc-c14n#“ />


<DigestMethod Algorithm=”<a href=“http://www.w3.org/2000/09/xmldsig#sha1"”>http://www.w3.org/2000/09/xmldsig#sha1" />
DPQL800YBMu80qohtdFCLu81MOI=


SignatureValue


Certificate Code



samlp:Status
<samlp:StatusCode Value=“urn:oasis:names:tc:SAML:2.0:status:Success” />
</samlp:Status>
<saml:Assertion Version=“2.0” ID=“_5384b4bd-c4c0-4fba-961d-a9a3aec568c1” IssueInstant=“2015-03-31T00:11:51.134Z” xmlns:saml=“urn:oasis:names:tc:SAML:2.0:assertion”>
saml:IssueriN-JacksonDawson</saml:Issuer>
saml:Subject
<saml:NameID Format=“urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress”>Example</saml:NameID>
<saml:SubjectConfirmation Method=“urn:oasis:names:tc:SAML:2.0:cm:bearer”>
<saml:SubjectConfirmationData NotOnOrAfter=“2015-03-31T00:11:51.134Z” Recipient=“my site name” />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore=“2015-03-31T00:01:51.134Z” NotOnOrAfter=“2015-03-31T00:21:51.134Z”>
saml:AudienceRestriction
saml:AudienceAudience Name</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant=“2015-03-31T00:11:51.134Z”>
saml:AuthnContext
saml:AuthnContextClassRefurn:oasis:names:tc:SAML:2.0:ac:classes:Password</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
saml:AttributeStatement
<saml:Attribute Name=“DealerNumber” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValue1234</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“DlrName” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueSome Name</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“LogonID” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueJDTEST</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“FirstName” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueTest1</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“LastName” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueTest2</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“Email” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueTEST@TEST.COM</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“ID” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValue</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“Zone” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValue12</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“Place” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueFG</saml:AttributeValue>
</saml:Attribute>
<saml:Attribute Name=“PlaceCode” NameFormat=“urn:oasis:names:tc:SAML:2.0:attrname-format:basic”>
saml:AttributeValueRGTF567</saml:AttributeValue>
</saml:Attribute>
</saml:AttributeStatement>
</saml:Assertion>
</samlp:Response>

2

I recommend taking a look at our SAML high-level API ExampleServiceProvider project. The ExampleServiceProvider and corresponding ExampleIdentityProvider are described in section 10.1 of our Developer Guide.
The ExampleServiceProvider’s SAML/AssertionConsumerService.aspx page includes a call to SAMLServiceProvider.ReceiveSSO which receives and processes the SAML response.
You will need a page similar to this in your application and call SAMLServiceProvider.ReceiveSSO.
The SAML high-level API is driven by SAML configuration. The ExampleServiceProvider includes a saml.config configuration file. SAML configuration is described in section 6 of the Developer Guide.
You will need a saml.config for your application but modified for your specific requirements.
If you have any further questions then you’re welcome to post them here. If you need assistance with your SAML configuration then you might be better to email us to avoid posting private information publically.