gilad

Reputation: 297

How to correctly configure SAML 2.0 SP

I have an Identity Provider that I wish to perform SSO against using SAML 2.0.
I'm using https://github.com/KentorIT/authservices

The IdP configuration is:
Entity Id: https://xxx.yyy.com/auth
Assertion Consumer Service URL: http://zzz:1111/AuthServices/Acs
I have created a self-signed certificate and added it to the local project.

The local configuration:

<kentor.authServices entityId="https://xxx.yyy.com/Files/Metadata/IdP/Saml"
                     returnUrl="http://localhost:8585/">
  <identityProviders>
    <add entityId="https://xxx.yyy.com/"
         signOnUrl="https://xxx.yyy.com/Saml/Login.aspx"
         allowUnsolicitedAuthnResponse="true" binding="HttpRedirect">
      <signingCertificate fileName="~/App_Data/SelfSignedCertificate-2016-01-10-22-37.cer" />
    </add>
  </identityProviders>
  <federations>
    <add metadataLocation="http://localhost:52071/Federation" allowUnsolicitedAuthnResponse="true" />
  </federations>
</kentor.authServices>


I will appreciate any kind of help as I'm stuck with this.
Thanks
Gilad

Upvotes: 0

Views: 1228

Answers (1)

Anders Abel

Reputation: 69280

  • The first entityId, in the kentor.authServices root element, should be the identifier you use for your site. Typically http://zzz:1111/AuthServices, which is the ACS URL minus the last part.
  • The signingCertificate within the identityProviders/add element should not be your own certificate, but the certificate that the IdP uses to sign messages.
  • The federations element should be completely removed. It points to the local development environment, that it looks like you've copied the config from.

Upvotes: 1
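
The three points in the answer above, turned into a check that can be run against a config before deploying it. This is an added example, not code from the original post or from the AuthServices project; it assumes you have the IdP's SAML metadata document and the configured certificate as DER bytes, and the function names, sample metadata and placeholder certificate bytes are constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def idp_signing_certs(metadata_xml):
    """DER bytes of each signing certificate published in the IdP metadata."""
    certs = []
    root = ET.fromstring(metadata_xml)
    for kd in root.iterfind(".//md:IDPSSODescriptor/md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' = signing and encryption
            for c in kd.iterfind(".//ds:X509Certificate", NS):
                certs.append(base64.b64decode("".join((c.text or "").split())))
    return certs

def check_sp_config(config_xml, acs_url, configured_cert_der, idp_metadata_xml):
    """Findings for the three points in the answer; an empty list means none."""
    findings = []
    root = ET.fromstring(config_xml)
    expected = acs_url.rsplit("/", 1)[0]  # ACS URL minus its last part
    if root.get("entityId") != expected:
        findings.append(f"SP entityId {root.get('entityId')!r} should be {expected!r}")
    if configured_cert_der not in idp_signing_certs(idp_metadata_xml):
        findings.append("signingCertificate is not one the IdP signs with")
    for fed in root.iterfind("federations/add"):
        host = urlsplit(fed.get("metadataLocation", "")).hostname
        if host in ("localhost", "127.0.0.1", "::1"):
            findings.append(f"federations entry points at {host}: remove it")
    return findings

# Constructed sample input: placeholder bytes stand in for real certificates.
IDP_CERT, OWN_CERT = b"constructed-idp-cert", b"constructed-self-signed-cert"
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://idp.example/"><md:IDPSSODescriptor
    protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>
    {base64.b64encode(IDP_CERT).decode()}
  </ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
</md:IDPSSODescriptor></md:EntityDescriptor>"""
QUESTION_CONFIG = """<kentor.authServices
    entityId="https://xxx.yyy.com/Files/Metadata/IdP/Saml">
  <identityProviders><add entityId="https://xxx.yyy.com/"/></identityProviders>
  <federations><add metadataLocation="http://localhost:52071/Federation"/></federations>
</kentor.authServices>"""
ACS_URL = "http://zzz:1111/AuthServices/Acs"

if __name__ == "__main__":
    print("\n".join(check_sp_config(QUESTION_CONFIG, ACS_URL, OWN_CERT, IDP_METADATA)))
```

Run against the configuration from the question, it reports all three problems; the certificate comparison is byte-for-byte, so a PEM-encoded .cer file has to be decoded to DER first.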
