I’ve been reading the Configuration Guide and I am not sure what type of SAML Configuration (XML file, API or ISAML) is better for my project.
The (IdP-initiated) project would be a company’s (with more than 10000 employees) web page which the employees can access through the company intranet to see their personal info, work progress, etc.
Thanks in advance.
All three options will work for your scenario.
The saml.config file is the simplest as you create a file and our library loads it. Usually SAML configuration doesn’t change frequently so this is a good option in many cases.
If instead you prefer to store the SAML configuration elsewhere (e.g. in a custom database) you have to supply the configuration programmatically to the SAML library. You can do this either via the SAML configuration API or by implementing the ISAMLConfigurationResolver interface. Storing SAML configuration in a database makes sense if the configuration changes more frequently (e.g. you might have an admin front end to create/update the configuration) or if you have non-SAML configuration in a database and you wish to store all configuration in the one place.
The SAML configuration API normally is used to specify the SAML configuration at application start-up.
For more dynamic situations, it’s better to implement the ISAMLConfigurationResolver interface. The SAML API will call into the ISAMLConfigurationResolver interface to retrieve SAML configuration as required. This way you can pick up updates in the database, etc. instantly.
You’ll find examples of both approaches in the Global.asax files of the ExampleIdentityProvider and ExampleServiceProvider projects.