Setup Customer Testing of IdP Configuration

I have been very happy with ComponentSpace as a product and the support in these forums, please keep it up. Onto my question.

I have a Service Provider where customers can self-serve their own IdP configuration for an account, through either metadata import or by entering the configuration by hand. I would like to offer the customers a way to test their account’s IdP configuration before enabling it for all of their account users. Ideally, I would do this without losing the browser to the IdP’s SSO URL. Is there a way I can configure my Service Provider to handle this with ComponentSpace? I am trying this using an SP-initiated login via SamlServiceProvider.InitiateSsoAsync. As a result, the customer is taken away from the web app to visit their IdP. Is there a way around this?

A couple of ideas I had were:

1) Add a query string parameter to the SAML callback URL that indicates it is in test mode? Is that possible using an event?
2) Store a bit alongside the IdP configuration that indicates it is in "test mode" and add logic to the SAML callback which handles cases differently where test mode is true.

I realize this is a general question and not 100% ComponentSpace related. Any feedback or thoughts on how to implement this would be appreciated. Thanks in advance.
Charles

Hi Charles,

Thank you for your kind words. They’re very much appreciated.

I don’t think there’s a way to allow customers to test their SSO setup without actually performing a test SSO. This means that control will pass to their IdP site. The SAML specification doesn’t include a mechanism to SSO that doesn’t involve the browser and passing control to the IdP.

Could SSO be initiated in a separate browser tab so it’s easy for them to get back to your configuration page?

For example, on your configuration page you could have a test button which opens a browser tab and then performs SP-initiated SSO in this separate tab.

[quote]
ComponentSpace - 7/14/2020
[/quote]

Thanks for the quick feedback, I'll see if putting the SSO "test" in a new tab will satisfy our requirements. I think it should.

You’re welcome.
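
An added example, not part of the original thread and not ComponentSpace's own code: one way to build the "test mode" marker from the question as a signed, short-lived value that the SP could pass as relay state when it calls SamlServiceProvider.InitiateSsoAsync from the test tab, and check again in its SAML callback. The class and method names are hypothetical; it assumes the relay state comes back to the callback unchanged and that account IDs contain no '.' character.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper: a tamper-evident "test mode" marker for a test SSO round trip.
// Format: test.<accountId>.<expiryUnixSeconds>.<hex HMAC-SHA256 of the first three fields>
public static class TestSsoMarker
{
    // key: a server-side secret that never leaves the SP.
    public static string Create(byte[] key, string accountId, TimeSpan lifetime, DateTimeOffset now)
    {
        // Assumption: accountId contains no '.', e.g. an integer or a GUID in "N" format.
        string payload = $"test.{accountId}.{now.Add(lifetime).ToUnixTimeSeconds()}";
        return payload + "." + Sign(key, payload);
    }

    // True only for an unexpired marker that this SP issued; accountId is set on success.
    public static bool TryValidate(byte[] key, string marker, DateTimeOffset now, out string accountId)
    {
        accountId = null;
        if (string.IsNullOrEmpty(marker)) return false;

        int lastDot = marker.LastIndexOf('.');
        if (lastDot <= 0) return false;
        string payload = marker.Substring(0, lastDot);
        string mac = marker.Substring(lastDot + 1);

        // Compare MACs in constant time before trusting any field of the payload.
        byte[] expected = Encoding.ASCII.GetBytes(Sign(key, payload));
        byte[] actual = Encoding.ASCII.GetBytes(mac);
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return false;

        string[] parts = payload.Split('.');
        if (parts.Length != 3 || parts[0] != "test") return false;
        if (!long.TryParse(parts[2], out long expiry)) return false;
        if (now.ToUnixTimeSeconds() > expiry) return false;

        accountId = parts[1];
        return true;
    }

    private static string Sign(byte[] key, string payload)
    {
        using var hmac = new HMACSHA256(key);
        return Convert.ToHexString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload)));
    }
}
```

In the callback, a marker that validates means "show the test result for this account and do not create a normal login session"; the callback should also confirm that the account in the marker is the one whose IdP configuration produced the response.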