Reputation: 19733
Generating a SAML SP metadata file that works with ASP.NET Identity 2.0 Federation authentication
I am trying to configure a web application using ASP.NET Identity 2.0 for Single-SignOn with ADFS.
To configure their ADFS, my client asked me to provide a SAML Service Provider metadata file matching the following format:
In my application, I am setting up authentication in my OWIN pipeline as so:
app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions()
{
MetadataAddress = ConfigurationManager.AppSettings["SsoAdfsMetadataEndpoint"],
Wtrealm = ConfigurationManager.AppSettings["SsoWtrealm"]
});
I have 2 questions:
- I can generate an X509 certificate to include in the metadata, but how can I add it to my configuration in the web app?
- Where can I get the URLs for all the
AssertionConsumerServicebindings?
Upvotes: 2
Views: 1615
Answers (1)
Reputation: 69260
SAML2P (P is for protocol) and WS-FED are two completely different protocols. To confuse things, SAML2 tokens (or assertions in SAML2 lingo) can be carried in WS-FED protocol messages.
You won't get any SAML2P functionality out of a WS-FED middleware. You need a SAML2P middleware. The open source Kentor.AuthServices.Owin package contains such a middleware, that will automatically generate the needed metadata and that has been tested with ADFS.
Disclaimer: I'm the author of Kentor.AuthServices
Upvotes: 4
Related Questions
- How do I configure my SAML Service Provider to send metadata to the Identity Provider?
- Single Sign-on with Duende IdentityServer 4 with use of SAML from (ADFS)
- SAML integration with ASP.NET Core Identity
- SAML Identity Provider based on Active Directory
- How to generate saml 2.0 sso service metadata
- Creating SAML 2.0 Response with C# and .NET 4.5 in IDP Initiated web SSO
- Single Sign On implementation in C# using SAML 2.0
- How to implement SAML for SSO using ADFS as identity Provider
- Unable to locate metadata for identity provider
- SAML - Generating Metadata File for Service Provider