Dominik

Reputation: 2906

Integrate an external Saml2 Identity Provider into a .net core2 app hosted on azure functions

I am absolutely new to Azure and am now searching for a way to integrate a .net Core app, hosted on Azure Functions, as a Service Provider with an external Identity Provider (IdP) using Saml2.

What I have is the metadata.xml from my IdP (and a contact if I need more things). My functions app should, on an unauthenticated request, redirect to the IdP's login page. After successful login, my .net core function should get a ClaimsPrincipal / Identity containing some Claims from the Saml2

So, my first thought was: OK, let's use https://identityserver.io/ as a middleware in Startup.cs of the Azure function. But here we start with my Azure newbieness: there does not seem to be a Startup.cs when creating an Azure function. Instead, there are some attributes you can set which might control authentication / authorization.

So, first question: Is this way (using IdentityServer4 as Saml2 Service Provider Middleware with external IdP) somehow possible, and if so, a good practice?

Second: Is there an alternative way to achieve what I want? I found some documentation about adding AAD providers, which include Twitter etc., but I haven't yet found documentation on how to create my own (Saml2) provider and integrate it with my Azure function. That way would be even better, I think, as there would be no need to add the same code to all functions that might be created in the future. So, is this way possible / good practice?

Thanks and best regards, Dominik

Upvotes: 0

Views: 490

Answers (2)

d_f

Reputation: 4859

The answer for the first question is: Sustainsys.Saml2 library. Or this commercial product.

Upvotes: 0

rbrayb

Reputation: 46763

IdentityServer does not have SAML support OOTB. You have to buy it.

If you want to integrate a SAML IdP into Azure, add it as an enterprise application.

Upvotes: 0
