Reputation: 1627
SAML integration with ASP.NET Core Identity
Our service provider asked for the following information for the SAML integration.
- Identity Provider ID (e.g. http://myadfs.domain.com/adfs/services/trust)
- XML Meta Data (e.g. http://your-adfs-domain.com/Federation/Metadata/2007-06/Federationmetadata.xml)
- Username attribute (e.g. http://myadfs.domain.com/ws/2008/06/identity/claims/windowsaccountname)
Now it's my first time trying with SAML and I need to build the identity provider and I'd like to use ASP.NET Core Identity for user authentication.
As I understand it right, the flow would be
- From the service provider site, they have a button to sign in with SAML SSO
- Clicking on the button would redirect to identity provider's login page
- Put username and password and authenticate against our database using asp.net core identity
- If successful, return claim information
- Logged in to service provider site
I've researched and found several open-source SAML integrations with ASP.NET Core such as Sustainsys or ITfoxtec. Sustainsys has several samples and it seems like SampleIdentityServer4AspNetIdentity is the way to go.
- Is it the right one to build identity provider with .net identity?
- What are
new EntityId("https://localhost:44342/Saml2")andnew EntityId("http://localhost:52071/Metadata")inStartup.csand where can I get those values?
Any guidance would be appreciated.
Upvotes: 3
Views: 8987
Answers (1)
Reputation: 4334
The login flow you describe is correct.
It is possible to build a identity provider using the ITfoxtec.Identity.Saml2 package and ASP.NET Core Identity. I have implemented identity providers using the ITfoxtec.Identity.Saml2 package a number of times. But you need to be aware of implementing a secure solution, it needs to be done rights else you will leave the hacker a bunch of possibilities :)
The new EntityId("https://localhost:44342/Saml2") is the identity providers id which you define yourself.
A link to a ASP.NET Core identity provider sample application https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestIdPCore. Howewer, the sample application is not using the ASP.NET Core Identity.
Upvotes: 1
Related Questions
- ASP.Net Core SAML authentication
- How do I communicate with a SAML 2.0 server so that I can leverage it's authentication?
- ITfoxtec.Identity.Saml2 - Multiple authentication schemes with Asp.net Core Identity
- ITfoxtec SAML 2.0 and .NET ASPX application (not MVC)
- Implement SAML2 for multiple IDPs w/ .Net Core 5 MVC
- IdentityServer4 with Sustainsys.Saml2 to make OAuth SAML Assertion
- ASP.NET Core and SAML authentication
- Identity Server Saml2AuthExtensions Idp initiated SSO
- .net core and SAML 2.0