Reputation: 13
SAML handler instantiated on non-SAML authentication requests
I am using the Sustainsys SAML library along with IdentityServer4 for Okta authentication, and have a working setup. However, I notice that the Saml2Handler is being instantiated for non-SAML authentication requests (even though it does not act on those requests because ModulePath does not match).
It is a concern because I intend to support multiple Okta instances, and it feels wasteful to hit the handler when it is not required. Is this expected behaviour for this SAML library, or for handlers in general?
Currently I create a scheme per-customer, with the handler as an argument. This is set up on first request for the customer rather than in startup. Thanks
Upvotes: 1
Views: 96
Answers (1)
Reputation: 69250
The handler need to check if the incoming request is a response for its endpoint (Acs, Logout or Metadata). As far as I know all handlers work this way.
Upvotes: 1
Related Questions
- ASP.Net Core SAML authentication
- IdP Initiated Login with Sustainsys.SAML2 - AuthenticateResult Has No Information
- IdentityServer4 with Sustainsys.Saml2 to make OAuth SAML Assertion
- ASP.NET Core and SAML authentication
- SAML integration with ASP.NET Core Identity
- Sustainsys Saml2 Handler AuthenticateAsync() method operation is not implemented
- Sustainsys.Saml2 start authentication dynamically for ASP.NET
- Dynamically add a SAML2 authentication provider using Sustainsys.Saml2 in ASP.NET Core
- SAML 2.0 authentication request to Identity Authentication
- Saml2 Single Logout (SingleLogoutServiceResponseUrl) with Sustainsys and Identity Server 4