Reputation: 79
What I have done so far: I have set up Azure AD, assigned users, and even taken endpoints and set up different Microsoft sample apps. They all work out of the box. I just don't see any samples of sending a raw SAML Request/Response directly to Azure via code (C#).
Is it possible to POST a SAML Request to Azure via code (C#) and have it return a SAML Response? Basically our Security Architect wants to manually create a SAML AuthRequest and send it to Azure then receive the SAML response for us to interrogate. Does it even work that way?
We want to take that and then hit our security for Roles and Privs. It just seems like that info is an Identity Provider thing and that’s what we are supposed to be using Azure for.
My Thoughts: We have our own EnterpriseSecurity that works with our FederatedServer. There is a FetchToken class that contains FetchTokenSSOFederated(). I feel that if we set up a trust between our Federated Server and Azure, then the SP-initiated call would actually be FetchTokenSSOAzureFederated(). Our Federated Server would be handling everything between us and Azure. Any guidance is appreciated.
Thanks -Ken
Upvotes: 2
Views: 1645
Reputation: 7394
You can most definitely generate requests and parse responses using whatever development stack and whatever OS you choose; Azure AD won't even know, the only thing that counts is what goes on the wire. That said, Azure AD uses SAML mostly for SSO purposes, which means that the customary way of interacting with it is via web libraries which 1) handle request generation and response parsing automatically, as part of implementing SSO flows, and 2) expect the user to integrate via a browser. From your question it isn't clear what topology/scenario you are targeting; however, I get the impression that you want to deal with token acquisition programmatically (that is, from an active client of sorts). For that, Azure AD leverages OAuth2 and OpenID Connect, protocols that are way better suited for such use cases than the browser-bound SAML. That is the reason for which we have plenty of samples showing OAuth2/OpenID Connect programmatic interactions (see http://aka.ms/aaddev) and no SAML ones. HTH!
Upvotes: 4
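The answer's point that only the bytes on the wire matter, shown as an added example that is not part of the original question or answer. It is in Python rather than C# because the encoding rules are the same in any stack: it builds an SP-initiated AuthnRequest, packs it for the HTTP-Redirect binding (raw DEFLATE, base64, URL-encode), and parses a constructed SAML Response, doing the checks that can be done locally (status, InResponseTo, audience, validity window, presence of a signature). It deliberately does not verify the XML-DSig signature, which needs a proper XML-DSig library and the IdP's signing certificate. Every endpoint, entity ID, the request ID and the sample response are hypothetical values chosen for the example.

```python
# Added example: raw SAML 2.0 on the wire, independent of stack. All endpoints,
# entity IDs and the sample response below are hypothetical, not from the page.
import base64
import datetime as dt
import urllib.parse
import zlib
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
SP_ENTITY_ID = "https://sp.example.test/metadata"   # assumed SP identifier
SP_ACS_URL = "https://sp.example.test/saml/acs"     # assumed Assertion Consumer Service
IDP_SSO_URL = "https://idp.example.test/saml2"      # assumed IdP SSO endpoint

def saml_time(s: str) -> dt.datetime:
    """SAML timestamps are UTC xsd:dateTime, e.g. 2024-01-01T12:00:00Z."""
    return dt.datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")

def build_authn_request(request_id: str, issue_instant: dt.datetime) -> str:
    """Minimal SP-initiated AuthnRequest; keep request_id to check InResponseTo later."""
    return (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
            f'ID="{request_id}" Version="2.0" IssueInstant="{issue_instant:%Y-%m-%dT%H:%M:%SZ}" '
            f'Destination="{IDP_SSO_URL}" AssertionConsumerServiceURL="{SP_ACS_URL}">'
            f"<saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>"
            '<samlp:NameIDPolicy Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"/>'
            "</samlp:AuthnRequest>")

def redirect_url(authn_request_xml: str, relay_state: str = "") -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header), base64, URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits=-15 -> raw DEFLATE
    deflated = comp.compress(authn_request_xml.encode("utf-8")) + comp.flush()
    params = {"SAMLRequest": base64.b64encode(deflated).decode("ascii")}
    if relay_state:
        params["RelayState"] = relay_state
    return IDP_SSO_URL + "?" + urllib.parse.urlencode(params)

def decode_redirect_request(url: str) -> str:
    """What the IdP does with the query string: URL-decode, base64-decode, inflate."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    raw = base64.b64decode(query["SAMLRequest"][0])
    return zlib.decompressobj(-15).decompress(raw).decode("utf-8")

def parse_response(response_xml: str, expected_request_id: str, now: dt.datetime) -> dict:
    """Local sanity checks and NameID/attribute extraction. This does NOT verify the
    XML-DSig signature (needs a real XML-DSig library plus the IdP's metadata cert); it
    only refuses unsigned data. Nothing returned here may drive authorization before that."""
    root = ET.fromstring(response_xml)
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or code.get("Value") != SUCCESS:
        raise ValueError("IdP did not report Success")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match our request (replay or wrong session)")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no plaintext Assertion (an EncryptedAssertion needs decrypting first)")
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        raise ValueError("neither Response nor Assertion carries a Signature")
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        if cond.get("NotBefore") and now < saml_time(cond.get("NotBefore")):
            raise ValueError("assertion not yet valid")
        if cond.get("NotOnOrAfter") and now >= saml_time(cond.get("NotOnOrAfter")):
            raise ValueError("assertion expired")
        audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
        if audiences and SP_ENTITY_ID not in audiences:
            raise ValueError("assertion issued for a different audience")
    attrs = {a.get("Name"): [v.text for v in a.findall("saml:AttributeValue", NS)]
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"issuer": assertion.findtext("saml:Issuer", default="", namespaces=NS),
            "name_id": assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS),
            "attributes": attrs}

# Constructed sample of what an IdP would POST to the ACS (not a real Azure AD response;
# the ds:Signature is a placeholder for shape only).
SAMPLE_REQUEST_ID = "_8f1c0a5e2b3d4c6e9f0a1b2c3d4e5f60"
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    xmlns:ds="{NS['ds']}" ID="_resp1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z"
    InResponseTo="{SAMPLE_REQUEST_ID}" Destination="{SP_ACS_URL}">
  <saml:Issuer>https://idp.example.test/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="{SUCCESS}"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T12:00:00Z">
    <saml:Issuer>https://idp.example.test/</saml:Issuer>
    <ds:Signature><ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>
    <saml:Subject><saml:NameID>ken@example.test</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T11:55:00Z" NotOnOrAfter="2024-01-01T13:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
        <saml:AttributeValue>app-admins</saml:AttributeValue>
        <saml:AttributeValue>app-readers</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
```

In C# the same bytes come out of DeflateStream, Convert.ToBase64String and Uri.EscapeDataString, and System.Security.Cryptography.Xml.SignedXml does the signature check this example leaves out. The part that does not translate is the transport: Azure AD delivers the Response to the ACS through the user's browser (HTTP-POST binding), so a C# process cannot POST the AuthnRequest and read the Response back on the same connection, which is what "browser-bound" means in the answer. Extracting the groups attribute above is where a role/privilege lookup in your own security layer would start, once the signature has been verified.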