Trouble Integrating SAML SSO in Existing ASP.NET App – Any Tips?

Hey everyone,

I have started working on integrating SAML-based SSO into an existing ASP.NET application & could use some help or pointers. I am using the ComponentSpace SAML suite but I am confused about configuring the SAML.config file & making sense of the whole service provider/identity provider metadata part.

I have gone through the documentation but I am still not entirely sure how to set up the metadata exchange when the IdP gives me an XML file. Also I am a bit unsure about where to place the SAMLAssertionConsumerService.aspx & how routing should ideally work in Web Forms apps.

If anyone here has experience integrating SAML into a legacy ASP.NET app & can share some best practices or example setups, that would be appreciated. Also, do I need to worry about anything for session handling post-auth? Also, I have checked this SAML SSO Integration using Trial version in ASP.NET Core Application Workday course but still need advice.

Thank you. 🙂

The SAML API makes use of SAML configuration and one option is to supply this configuration using a saml.config file.

The Configuration Guide in the documentation folder goes through the various options for specifying the SAML configuration.

Also, I suggest taking a look at the ExampleServiceProvider project for an example of a saml.config file.

SAML metadata is part of the SAML specification and defines a standard syntax for exchanging SAML configuration information between SAML providers. This is different from the saml.config file which is internal to the application.

The Metadata Guide describes using the ImportMetadata utility for importing SAML metadata from a partner provider to update your saml.config. For example, if acting as the service provider, importing partner identity provider metadata updates the saml.config file with a <PartnerIdentityProvider> entry.

Conversely, the Metadata Guide describes using the ExportMetadata utility for exporting SAML metadata for the local provider from your saml.config. For example, if acting as the service provider, local service provider metadata is exported from the <ServiceProvider> entry of saml.config.

It’s also possible to incorporate this import/export functionality in a web application as demonstrated by the ExampleServiceProvider’s SAML/ImportMetadata.aspx and SAML/ExportMetadata.aspx endpoints.

The assertion consumer service (ACS) endpoint is where SAML responses are received from a partner identity provider. In our examples, we use SAML/AssertionConsumerService.aspx but you’re free to use what works best for your application.

My recommendation is to run the ExampleServiceProvider and ExampleIdentityProvider projects in the Visual Studio debugger to see SSO in action. Also, take a look at the Examples Guide as this walks you through these examples.

You’re welcome to contact us via this forum or email if you have any follow-up questions.