Hi,
I wondered if support for OWIN is being considered? We are working with the new ASP.NET Identity model and would like to be able to just plug in SAML authentication as another external identity provider.
Thanks,
Gidon
OWIN support is definitely under consideration but I can’t provide a time frame at this stage.
Reactivating the thread started by @gidon. Any updates on the OWIN middleware support?
Support for OWIN will be provided in the first half of 2016.
Where can I find more information on this? Is it released, being released, etc.?
Kind regards,
This is our top priority at the moment and we hope to have something available by the end of the month.
Hi,
I was just about to start hacking some code together for this. Any updates?
The OWIN implementation in the examples appears to use OWIN for regular forms authentication, then regular MVC actions for SSO. I’m using v2.6.0.17
R
The OWIN examples demonstrate calling our SAML API from within the application.
At this stage we don’t have an OWIN middleware implementation.
Our current priority is .NET Core support.
Once this has been released we’ll be looking to add OWIN middleware support.
We haven’t implemented OWIN middleware but it’s perfectly possible to call our SAML API from an OWIN application to support SAML SSO.
The MvcExampleIdentityProvider and MvcExampleServiceProvider projects under the Examples\SSO\HighLevelAPI\MVC folder demonstrate this.
The MvcExampleServiceProvider’s SamlController includes an AssertionConsumerService action that calls SAMLServiceProvider.ReceiveSSO to receive and process the SAML assertion from the IdP. It then calls the OWIN API to provision and log in the user locally.
using System;
using System.Collections.Generic;
using System.Security.Claims;
using System.Web;
using System.Web.Mvc;
using ComponentSpace.SAML2;
using Microsoft.AspNet.Identity;
using Microsoft.AspNet.Identity.EntityFramework;
using Microsoft.AspNet.Identity.Owin;

public ActionResult AssertionConsumerService()
{
    // Receive and process the SAML assertion contained in the SAML response.
    // The SAML response is received either as part of IdP-initiated or SP-initiated SSO.
    // If ReceiveSSO throws, nothing below runs and no local session is created.
    SAMLServiceProvider.ReceiveSSO(
        Request,
        out var isInResponseTo,
        out var partnerName,
        out var authnContext,
        out var userName,
        out IDictionary<string, string> attributes,
        out var relayState);

    // Automatically provision the user.
    // If the user doesn't exist locally then create the user.
    // Automatic provisioning is an optional step.
    // (The generic type arguments were lost when this post was rendered; they are
    // restored here to match the ASP.NET Identity template's manager classes.)
    var applicationUserManager = HttpContext.GetOwinContext().Get<ApplicationUserManager>();
    var applicationUser = applicationUserManager.FindByName(userName);

    if (applicationUser == null)
    {
        applicationUser = new ApplicationUser();
        applicationUser.UserName = userName;
        applicationUser.Email = userName;
        applicationUser.EmailConfirmed = true;

        // Copy any SAML attributes of interest into local claims on the new user.
        if (attributes.ContainsKey(ClaimTypes.GivenName))
        {
            applicationUser.Claims.Add(new IdentityUserClaim() { ClaimType = ClaimTypes.GivenName, ClaimValue = attributes[ClaimTypes.GivenName], UserId = applicationUser.Id });
        }

        if (attributes.ContainsKey(ClaimTypes.Surname))
        {
            applicationUser.Claims.Add(new IdentityUserClaim() { ClaimType = ClaimTypes.Surname, ClaimValue = attributes[ClaimTypes.Surname], UserId = applicationUser.Id });
        }

        var identityResult = applicationUserManager.Create(applicationUser);

        if (!identityResult.Succeeded)
        {
            throw new Exception(string.Format("The user {0} couldn't be created.\n{1}", userName, identityResult));
        }
    }

    // Automatically login using the asserted identity.
    // isPersistent and rememberBrowser are both false, so the local cookie lasts for the session only.
    var applicationSignInManager = HttpContext.GetOwinContext().Get<ApplicationSignInManager>();
    applicationSignInManager.SignIn(applicationUser, false, false);

    // Redirect to the target URL if any.
    // RelayState is supplied by the other party, so Url.IsLocalUrl is checked first
    // to avoid turning the assertion consumer service into an open redirect.
    if (!string.IsNullOrEmpty(relayState) && Url.IsLocalUrl(relayState))
    {
        return Redirect(relayState);
    }

    return RedirectToAction("Index", "Home");
}