Using ComponentSpace SAML with ServiceStack


I’m basically having the same question as, but now using the .NET Core version. How to use the high level ComponentSpace API with a self-hosted ServiceStack .NET Core application? I am trying to implement a ServiceStack Auth provider that supports SAML (similar to But I’d like it to be based on the commercially supported ComponentSpace libraries. It seems like ReceiveSsoAsync and InitiateSsoAsync are too high level to be called from my ServiceStack “Authenticate” function which has already parsed the request into a POCO. I don’t know much about the inner workings of .NET Core’s request pipeline. Can anyone point me in the right direction here? Is it possible to use ComponentSpace SAML libraries with a self-hosted ServiceStack .NET Core application?


You have a few options.
The first is to replace the current implementation of the IHttpRequest and IHttpResponse interfaces that are defined under the ComponentSpace.Saml2.Bindings namespace. Your implementation would be based off accessing the equivalent HTTP request and response objects in ServiceStack and you would register these at application startup. For example, if your implementation classes were ServiceStackHttpRequest and ServiceStackHttpResponse, your code would be:

services.TryAddTransient<IHttpRequest, ServiceStackHttpRequest>();
services.TryAddTransient<IHttpResponse, ServiceStackHttpResponse>();

This approach would be best depending on how feasible it is to implement these interfaces and whether or not it fits into the ServiceStack model.

The second option is to not use the ISamlIdentityProvider or ISamlServiceProvider interfaces normally used when supporting SAML SSO.
Instead, you would call the low-level APIs. Classes for manipulating SAML protocol messages and SAML assertions are under the ComponentSpace.Saml2.Protocols and ComponentSpace.Saml2.Assertions namespaces respectively. This would require more application code but provides the greatest flexibility.
This approach is closer to the code in the SamlAuthProvider.cs link you sent.

The third option is to use our SAML authentication handler middleware. However, I’m not sure if ASP.NET Core authentication handlers are supported in ServiceStack.

ComponentSpace - 6/11/2019
The third option is to use our SAML authentication handler middleware. However, I'm not sure if ASP.NET Core authentication handlers are supported in ServiceStack.

I'm exploring the Middleware option further. Does your Middleware have a dependency on Microsoft .NET Core Identity or can it be used independently?


It calls HttpContext.SignInAsync to log the user in once the SAML response is received and processed.
The sign-in scheme is configurable through the SAML authentication options.

The new approach we are looking at for our application is going to be to add an IdentityServer4 dependency and use it as a service provider and use ComponentSpace as an external provider for IdentityServer4. Then IdentityServer4 will issue JWTs for use with ServiceStack. This will also provide some other advantages by decentralizing authentication. However, I’ve run into a new problem here with the integration regarding the returnUrl. I really appreciate your excellent support. As soon as I can get this demo working, we will be purchasing.

Let us know how you go or if you need any assistance. I’ve responded to your other forum post.