Implementing AbstractSamlConfigurationResolver and using Appsettings.json

I’ve got an app that acts as both an IdP and an SP. I had the IdP part set up using the appsettings.json and loading those up in startup. I just do services.AddSaml(Configuration.GetSection("SAML"));

But now I had to implement the ISamlConfigurationResolver for the SP part of it, and it looks like it won’t load the IdP configuration from appsettings when I try to SSO. I get the LocalIdentityProvider not configured error.

Is there a way to get it to work or do I have to implement the GetLocalIdentityProviderConfigurationAsync and retrieve the configuration manually now?

I recommend storing all the SAML configuration in a single location.

However, you can achieve what you’re after by extending the SamlConfigurationResolver class. The SamlConfigurationResolver resolves the SAML configuration from the appsettings.json etc. Simply override the methods associated with the SP configuration and let the base class handle the IdP configuration. In the example below, the overridden methods are where you would implement the SP side of the configuration.


using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using ComponentSpace.Saml2.Configuration;
using ComponentSpace.Saml2.Configuration.Resolver;
using Microsoft.Extensions.Options;

public class ExampleSamlConfigurationResolver : SamlConfigurationResolver
{
    public ExampleSamlConfigurationResolver(IOptionsSnapshot<SamlConfigurations> samlConfigurations) : base(samlConfigurations)
    {
    }

    // Only the SP-side methods are overridden; the IdP-side methods are left to the
    // base class, which resolves them from the SAML configuration section.
    // Each override throws until implemented: returning a null Task would fail with a
    // NullReferenceException at the await site rather than with a clear message.
    public override Task<bool> IsLocalServiceProviderAsync(string configurationID)
    {
        // TODO: return true when this configuration has a local service provider
        throw new NotImplementedException();
    }

    public override Task<LocalServiceProviderConfiguration> GetLocalServiceProviderConfigurationAsync(string configurationID)
    {
        // TODO: return the local service provider configuration
        throw new NotImplementedException();
    }

    public override Task<PartnerIdentityProviderConfiguration> GetPartnerIdentityProviderConfigurationAsync(string configurationID, string partnerName)
    {
        // TODO: return the configuration for the named partner identity provider
        throw new NotImplementedException();
    }

    public override Task<IList<string>> GetPartnerIdentityProviderNamesAsync(string configurationID)
    {
        // TODO: return the names of all configured partner identity providers
        throw new NotImplementedException();
    }
}



Register your SAML configuration resolver at start-up.


services.AddSaml(Configuration.GetSection("SAML"));
services.AddTransient<ISamlConfigurationResolver, ExampleSamlConfigurationResolver>();


Thanks for the response.

So the question was whether or not I can actually do this:

services.AddSaml(Configuration.GetSection("SAML"));
services.AddTransient<ISamlConfigurationResolver, ExampleSamlConfigurationResolver>();

just like you have in your example code and it turns out that I can’t. When I registered the SamlConfigurationResolver it wouldn’t load the configuration from the “SAML” section anymore. I get an error saying there’s no identity provider configured when I try to SSO from the service provider.

My SamlConfigurationResolver only had the implementations for GetPartnerIdentityProviderNamesAsync and GetLocalServiceProviderConfigurationAsync since it’s a service provider and I’m loading those configurations per Identity Provider.

I added implementations for GetLocalIdentityProviderConfigurationAsync and GetPartnerServiceProviderConfigurationAsync that pick up the configuration using an injected IConfiguration and it works now.
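The workaround described in that reply, written out as an added example (not code from this thread or from ComponentSpace): the IdP side is bound from the "SAML" section through IConfiguration, the SP side is served per partner IdP from caller-supplied configuration, and every lookup fails closed on an unknown partner name instead of returning null. The ComponentSpace type and member names (SamlConfigurations, SamlConfiguration, Configurations, LocalIdentityProviderConfiguration, PartnerServiceProviderConfigurations, Name) and the constructor parameters localSp and partnerIdps are assumptions to check against the version in use.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using ComponentSpace.Saml2.Configuration;
using ComponentSpace.Saml2.Configuration.Resolver;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Options;

// Assumed ComponentSpace type/member names; the IdP side comes from appsettings.json,
// the SP side from per-partner configuration handed in by the caller.
public class HybridSamlConfigurationResolver : SamlConfigurationResolver
{
    private readonly SamlConfiguration _idpSide;
    private readonly LocalServiceProviderConfiguration _localSp;
    private readonly IReadOnlyDictionary<string, PartnerIdentityProviderConfiguration> _partnerIdps;

    public HybridSamlConfigurationResolver(
        IOptionsSnapshot<SamlConfigurations> samlConfigurations,
        IConfiguration configuration,
        LocalServiceProviderConfiguration localSp,
        IReadOnlyDictionary<string, PartnerIdentityProviderConfiguration> partnerIdps)
        : base(samlConfigurations)
    {
        // Bind the section explicitly so the IdP configuration is present even when the
        // options snapshot handed to the base class is empty (the symptom in this thread).
        var bound = configuration.GetSection("SAML").Get<SamlConfigurations>();
        _idpSide = bound?.Configurations?.FirstOrDefault()
            ?? throw new InvalidOperationException("SAML:Configurations missing from appsettings.json");
        _localSp = localSp ?? throw new ArgumentNullException(nameof(localSp));
        _partnerIdps = partnerIdps ?? throw new ArgumentNullException(nameof(partnerIdps));
    }
    public override Task<bool> IsLocalIdentityProviderAsync(string configurationID)
        => Task.FromResult(_idpSide.LocalIdentityProviderConfiguration != null);
    public override Task<LocalIdentityProviderConfiguration> GetLocalIdentityProviderConfigurationAsync(string configurationID)
        => Task.FromResult(_idpSide.LocalIdentityProviderConfiguration
            ?? throw new InvalidOperationException("LocalIdentityProviderConfiguration not configured"));
    public override Task<PartnerServiceProviderConfiguration> GetPartnerServiceProviderConfigurationAsync(string configurationID, string partnerName)
        // Fail closed: an unknown partner name must never fall back to some default entry.
        => Task.FromResult(_idpSide.PartnerServiceProviderConfigurations?.SingleOrDefault(p => p.Name == partnerName)
            ?? throw new InvalidOperationException($"Partner SP '{partnerName}' not configured"));
    public override Task<bool> IsLocalServiceProviderAsync(string configurationID)
        => Task.FromResult(true);
    public override Task<LocalServiceProviderConfiguration> GetLocalServiceProviderConfigurationAsync(string configurationID)
        => Task.FromResult(_localSp);
    public override Task<PartnerIdentityProviderConfiguration> GetPartnerIdentityProviderConfigurationAsync(string configurationID, string partnerName)
        => Task.FromResult(_partnerIdps.TryGetValue(partnerName, out var idp) ? idp
            : throw new InvalidOperationException($"Partner IdP '{partnerName}' not configured"));
    public override Task<IList<string>> GetPartnerIdentityProviderNamesAsync(string configurationID)
        => Task.FromResult<IList<string>>(_partnerIdps.Keys.ToList());
}
```

Register it with services.AddTransient<ISamlConfigurationResolver, HybridSamlConfigurationResolver>() after AddSaml, and register the localSp and partnerIdps instances in DI so the constructor can be satisfied.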

I’m not sure why that didn’t work for you. I tested this code and it worked for me. The IdP configuration from appsettings.json was used and SSO was successful.

Anyway, it sounds like you have it working now.

I guess I’m using version 2.0.5

I’ll update that and see if it works with 2.7

Thanks!

Let me know if there’s an issue.

Thanks.