Reputation: 1
I am trying to implement SSO via Okta. I can get the SAMLResponse text with

    // Requires: using System; using System.Text; using System.Web;
    string rawSamlData = Request["SAMLResponse"];

and convert the string to XML format with

    // Undo URL encoding if the value still carries percent escapes.
    if (rawSamlData.Contains("%"))
    {
        rawSamlData = HttpUtility.UrlDecode(rawSamlData);
    }
    // The POST binding carries the response as base64-encoded XML.
    byte[] samlData = Convert.FromBase64String(rawSamlData);
    string samlAssertion = Encoding.UTF8.GetString(samlData);

The user's information is included in the string samlAssertion, such as X509Certificate, FirstName, LastName, Email, etc. The question is how to check whether it is valid or not.
Upvotes: 0
Views: 1098
Reputation: 373
Instead of integrating with Okta and handling the SAML response yourself, you can use an Apache module called mod_auth_mellon. Here are simple steps to install it in Ubuntu
Upvotes: 0
Reputation: 69300
Don't parse SAML data on your own, unless you are willing to invest a lot of time in getting the security right.
Kentor.AuthServices is an open source .NET SP implementation that is compatible with Okta. There's even specific documentation for it.
Upvotes: 1
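What "getting the security right" covers for the question's samlAssertion string, as an added example that is not part of the original posts and is not Kentor.AuthServices code: it verifies the assertion's XML signature against a pinned IdP certificate, confirms the signature covers that assertion, and checks the validity window and audience. It assumes Okta signs the assertion itself and sends both NotBefore and NotOnOrAfter; the names SamlResponseCheck, Validate, idpCert and audience are hypothetical.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

public static class SamlResponseCheck   // hypothetical helper, not a library API
{
    const string Asrt = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Returns the verified Assertion element or throws. idpCert is the IdP signing
    // certificate from your own configuration, never the X509Certificate in the message.
    public static XmlElement Validate(string samlXml, X509Certificate2 idpCert, string audience)
    {
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.LoadXml(samlXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("a", Asrt);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

        // Exactly one assertion, carrying its own signature (assumption: assertion signing is on).
        var assertions = doc.SelectNodes("//a:Assertion", ns);
        if (assertions.Count != 1) throw new InvalidOperationException("expected one Assertion");
        var assertion = (XmlElement)assertions[0];
        var sigNode = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns)
            ?? throw new InvalidOperationException("Assertion is not signed");

        var signed = new SignedXml(assertion);
        signed.LoadXml(sigNode);
        // The single reference must point at this assertion's ID (signature wrapping defence).
        var id = assertion.GetAttribute("ID");
        var refs = signed.SignedInfo.References.Cast<Reference>().ToList();
        if (id.Length == 0 || refs.Count != 1 || refs[0].Uri != "#" + id)
            throw new InvalidOperationException("signature does not reference the Assertion");
        // verifySignatureOnly = true: trust comes from pinning idpCert, not from a chain.
        if (!signed.CheckSignature(idpCert, true))
            throw new InvalidOperationException("signature invalid for pinned certificate");

        // Validity window and audience, read only from the verified element (no clock-skew allowance).
        var cond = (XmlElement)assertion.SelectSingleNode("a:Conditions", ns)
            ?? throw new InvalidOperationException("no Conditions");
        var mode = XmlDateTimeSerializationMode.Utc;
        var now = DateTime.UtcNow;
        if (now < XmlConvert.ToDateTime(cond.GetAttribute("NotBefore"), mode) ||
            now >= XmlConvert.ToDateTime(cond.GetAttribute("NotOnOrAfter"), mode))
            throw new InvalidOperationException("outside validity window");
        var aud = cond.SelectSingleNode("a:AudienceRestriction/a:Audience", ns)?.InnerText;
        if (aud != audience) throw new InvalidOperationException("wrong audience");
        return assertion;
    }
}
```

A full SP also checks Destination, Recipient, InResponseTo and assertion replay, which is the work a maintained library takes on. Read FirstName, LastName and Email only from the element this method returns.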
Reputation: 191
Any reason not to use WS-Federation for SSO in .NET? Check out https://msdn.microsoft.com/en-us/library/hh291061(v=vs.110).aspx. To use Okta for Step 2, you can create a Template WS-Fed app in Okta and use the web.config provided under the Sign On tab.
If SAML is absolutely required, there are some frameworks you can use to help, such as http://www.componentpro.com/saml.net/. Also check out http://www.twobotechnologies.com/blog/2014/01/sp-init-with-wif.html for SP init SAML and http://travisspencer.com/blog/2010/09/idp-initiated-sso-using-wif.html for IdP init SAML.
Upvotes: 0