Specifying the SAML Configuration Programmatically

For the majority of use cases, maintaining the SAML configuration in the saml.config configuration file is the simplest strategy.

SAML Configuration

However, there may be circumstances where configuration must be stored elsewhere (e.g. in a database).
Rather than defining configuration in the saml.config configuration file, the configuration may be specified programmatically. A good place to do this is in the Global.Application_Start method.
For example, the following code configures the local service provider and one partner identity provider.


    // Typically placed in Global.Application_Start, before any SAML request is handled.
    SAMLConfiguration samlConfiguration = new SAMLConfiguration();

    // The local service provider: its entity ID, where assertions are received,
    // and the certificate (with private key) used to sign outgoing messages.
    samlConfiguration.ServiceProviderConfiguration = new ServiceProviderConfiguration() {
        Name = "urn:componentspace:ExampleServiceProvider",
        AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
        LocalCertificateFile = "sp.pfx",
        LocalCertificatePassword = "password"
    };

    // One partner identity provider: the partner certificate (public key only)
    // is used to verify signatures on the SAML responses it sends.
    samlConfiguration.AddPartnerIdentityProvider(
        new PartnerIdentityProviderConfiguration() {
            Name = "urn:componentspace:ExampleIdentityProvider",
            SignAuthnRequest = false,
            WantSAMLResponseSigned = true,
            WantAssertionSigned = false,
            WantAssertionEncrypted = false,
            SingleSignOnServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SSOService.aspx",
            SingleLogoutServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SLOService.aspx",
            PartnerCertificateFile = "idp.cer"
        });

    // Make this the current SAML configuration.
    SAMLController.Configuration = samlConfiguration;


And the following code configures the local identity provider and one partner service provider.


    SAMLConfiguration samlConfiguration = new SAMLConfiguration();

    // The local identity provider and the certificate (with private key)
    // used to sign the SAML responses it issues.
    samlConfiguration.IdentityProviderConfiguration =
        new IdentityProviderConfiguration() {
            Name = "urn:componentspace:ExampleIdentityProvider",
            LocalCertificateFile = "idp.pfx",
            LocalCertificatePassword = "password"
        };

    // One partner service provider: the assertion consumer service URL is where
    // SAML responses for this partner are sent.
    samlConfiguration.AddPartnerServiceProvider(
        new PartnerServiceProviderConfiguration() {
            Name = "urn:componentspace:ExampleServiceProvider",
            WantAuthnRequestSigned = false,
            SignSAMLResponse = true,
            SignAssertion = false,
            EncryptAssertion = false,
            AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx",
            SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider/SAML/SLOService.aspx",
            PartnerCertificateFile = "sp.cer"
        });

    // Make this the current SAML configuration.
    SAMLController.Configuration = samlConfiguration;


Setting the SAMLController.Configuration property sets the current SAML configuration to that specified.
The example code works as-is and you should see the SAML configuration successfully set.
I'm not sure what you mean by calling the configuration.
Once you've specified the configuration, by setting the SAMLController.Configuration property, no further action is required on your part.

I’m creating an admin web page for managing our partner identity provider configurations in the database. Is there a way to validate these configuration settings in memory? I see the Validate function under the SAMLConfiguration class but it only accepts a filename. Is there a method available that would accept an instance of the SAMLConfiguration class? Or another method that can perform validation on an instance of the PartnerIdentityProviderConfiguration class?

Thank you.

The SAMLConfigurationFile.Validate method validates the specified XML file against the SAML configuration XML schema. If your SAML configuration is stored as XML then this method could be called to validate the XML prior to using it to construct a SAMLConfiguration object etc.
If you’ve already loaded the SAMLConfiguration and related configuration objects from a database etc (ie not stored as XML) then they should already be validated in the sense that you’ve programmatically constructed these objects rather than loading them from a file.
You might want to add certain checks to your admin web page. For example, if setting up a partner service provider then an assertion consumer service URL should be supplied. If it isn’t then presumably you’d display an error message to the administrator.

[quote]
ComponentSpace - Friday, February 21, 2014
[/quote]

Hi,

I am creating the configuration using the above code and I am getting "SAMLController does not exist".
Which library does it exist in?

Thanks,
Muhammad Masood

Hi Muhammad
The SAMLController class is in the ComponentSpace.SAML2 namespace.
If you still don’t see it, it’s possible you’re using an older version of the DLL.
You can determine the version you have as follows:
http://www.componentspace.com/Forums/31/Determining-the-Component-Version-and-License
If there’s still an issue, email us at support mentioning the DLL version you are using and your forum post.

[quote]
ComponentSpace - Wednesday, June 15, 2016
Hi Muhammad
The SAMLController class is in the ComponentSpace.SAML2 namespace.
If you still don't see it, it's possible you're using an older version of the DLL.
You can determine the version you have as follows:
http://componentspace.com/Forums/31/Determining-the-Component-Version-and-License
If there's still an issue, email us at support mentioning the DLL version you are using and your forum post.
[/quote]

Hi,

I am unable to navigate to mentioned page.

Thanks,
Muhammad Masood

I missed the www. Please try:
http://www.componentspace.com/Forums/31/Determining-the-Component-Version-and-License

[quote]
ComponentSpace - Wednesday, June 15, 2016
[/quote]

Here is the version I am using:



I am worried that if I updated the dll, I might lose the license.

If I could load the configuration for multiple tenants using the current dll, that would be great.

Thanks,
Muhammad Masood

The version you have doesn’t include the SAMLController class. This was introduced in a later release.
For the version you have, you’ll find similar properties on the SAMLConfiguration class.

[quote]
ComponentSpace - Thursday, June 16, 2016
The version you have doesn't include the SAMLController class. This was introduced in a later release.
For the version you have, you'll find similar properties on the SAMLConfiguration class.
[/quote]

Hi,

I have updated to the latest dll (i.e. Trial) and I can use the SPController class, but I am not able to load the configuration from XML. How do I load the configuration from XML using the latest dll?

Thanks,
Muhammad Masood

What errors are you seeing?
Are you attempting to load the SAML configuration from a saml.config file?
Could you enable SAML trace and send the generated log file to our support email address?
http://www.componentspace.com/Forums/17/Enabing-SAML-Trace
Also include your saml.config file.
Thanks.

Hi, I am trying to add the new ComponentSpace dll version but it shows an error.

What errors are you seeing?

[quote]
ComponentSpace - 6/15/2016
Hi Muhammad
The SAMLController class is in the ComponentSpace.SAML2 namespace.
If you still don't see it, it's possible you're using an older version of the DLL.
You can determine the version you have as follows:
http://www.componentspace.com/Forums/31/Determining-the-Component-Version-and-License
If there's still an issue, email us at support mentioning the DLL version you are using and your forum post.
[/quote]

Hello,
I am working with multiple tenants but I am facing the error "SAMLController does not exists". I am sharing the detailed version of my current ComponentSpace.SAML2.dll.

The version you’re using (2.6.0.2) is a little old but still includes the SAMLController class under the ComponentSpace.SAML2 namespace.
Are you getting a compilation error or some sort of runtime error?
Please provide more details (eg compiler error details or runtime exception stack).

[quote]
ComponentSpace - 2/21/2014
[/quote]

I'm using the above to programmatically assign a SAML configuration in the request, fetching the values from a database.

I'm just wondering if you could explain the differences between the two certificate files, and whether they are both required in this context.

Just using Okta as an example, when adding a new Service Provider I don't see anywhere where I need to assign a PartnerCertificateFile (sp.cer). I know this is slightly off-topic, so if there is an article or thread which covers that, I would appreciate you pointing me in the right direction.

The local certificate is used to sign SAML messages sent to the partner.
The partner certificate is used to verify signatures on SAML messages received from the partner.
If acting as the service provider there will almost always be a partner certificate as the SAML response or assertion should always be signed and the signature verified.
Signing the SAML authn request sent to the identity provider as part of SP-initiated SSO is optional and if no signing occurs, a local certificate isn’t required.
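The in-memory checks suggested earlier for an admin page, combined with the certificate roles described in this last reply, as an added example that is not ComponentSpace code: the `ComponentSpace.SAML2.Configuration` namespace and the `certificateFolder` parameter are assumptions, and only the properties shown in the thread's own snippets are used.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using ComponentSpace.SAML2.Configuration; // assumed namespace of the configuration classes

// Added example (not ComponentSpace code): checks a partner identity provider entry
// built from database rows before it is passed to AddPartnerIdentityProvider.
public static class PartnerIdentityProviderChecks
{
    public static IList<string> Check(PartnerIdentityProviderConfiguration idp, string certificateFolder)
    {
        var problems = new List<string>();

        if (string.IsNullOrWhiteSpace(idp.Name))
            problems.Add("Name (the partner's entity ID) is required.");

        if (!IsAbsoluteHttpUrl(idp.SingleSignOnServiceUrl))
            problems.Add("SingleSignOnServiceUrl must be an absolute http(s) URL.");

        if (!string.IsNullOrWhiteSpace(idp.SingleLogoutServiceUrl) && !IsAbsoluteHttpUrl(idp.SingleLogoutServiceUrl))
            problems.Add("SingleLogoutServiceUrl, if set, must be an absolute http(s) URL.");

        // As the service provider, the SAML response or the assertion should always be signed.
        if (!idp.WantSAMLResponseSigned && !idp.WantAssertionSigned)
            problems.Add("Require a signature on the SAML response or on the assertion.");

        // Verifying the partner's signatures requires the partner certificate (public key).
        if (string.IsNullOrWhiteSpace(idp.PartnerCertificateFile))
            problems.Add("PartnerCertificateFile is required to verify the partner's signatures.");
        else
            CheckCertificate(Path.Combine(certificateFolder, idp.PartnerCertificateFile), problems);

        return problems;
    }

    static bool IsAbsoluteHttpUrl(string value)
    {
        Uri uri;
        return Uri.TryCreate(value, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttps || uri.Scheme == Uri.UriSchemeHttp);
    }

    static void CheckCertificate(string path, IList<string> problems)
    {
        if (!File.Exists(path)) { problems.Add("Partner certificate file not found: " + path); return; }
        try
        {
            var cert = new X509Certificate2(path); // a .cer holds the public key only, so no password
            if (cert.NotAfter < DateTime.Now)
                problems.Add("Partner certificate expired on " + cert.NotAfter.ToString("u") + ".");
        }
        catch (Exception ex) { problems.Add("Partner certificate could not be loaded: " + ex.Message); }
    }
}
```

The admin page would display the returned messages to the administrator and only call AddPartnerIdentityProvider when the list is empty.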