Page F.P.T

Reputation: 671

Understanding how to implement SAML2 SSO to an existing .NET Web API

I need to implement SAML 2.0 SSO authentication to our existing Web API. I am fairly new to the topic, so I am not sure where to start. I have been playing around with the dev ADFS server (ADFS 4 - Windows Server 2016) and have been following tutorials on how to set up a Relying Trust Party. I have gotten the gist of how SAML works but am still lost on how to implement this via code in my Web API. I want to know how to begin implementing the SAML 2 auth to connect to the ADFS server; the web app is deployed on a different IIS server. I have read https://github.com/Sustainsys/Saml2/tree/master but I am not getting how my Web API would connect to the ADFS server to retrieve a SAML token and process it.

Upvotes: 0

Views: 1258

Answers (1)

rbrayb

Reputation: 46720

The problem you have is that the SAML spec does not cater for APIs (either Web API or REST API). It's purely a browser SSO redirect protocol.

In ADFS, APIs are configured by the Application wizard, but that's OpenID Connect with a JWT, not an XML token.

Update

If your webapi is a REST API then use OIDC with a JWT.

Just FYI: ADFS also supports WS-Fed. WS-Fed does have an API profile (called the active profile) which is essentially WCF.

Upvotes: 1
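
As an added example (not part of the answer above, and not code from ADFS or Sustainsys), this is one way an ASP.NET Core Web API can accept the ADFS-issued JWT access tokens the answer recommends, with issuer, audience, lifetime and algorithm all pinned. The host names, API identifier and issuer value are placeholder assumptions; take the real ones from your ADFS discovery document and from a decoded token.

```csharp
// Program.cs (ASP.NET Core Web SDK project with implicit usings).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Authorization;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): your ADFS farm and the Web API identifier
// configured for the API in the ADFS Application Group.
const string AdfsAuthority = "https://adfs.example.com/adfs";
const string ApiIdentifier = "https://api.example.com/";
// Assumption: ADFS publishes the access-token issuer separately from the
// id_token issuer; copy it from "access_token_issuer" in the discovery document.
const string AccessTokenIssuer = "http://adfs.example.com/adfs/services/trust";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys come from {Authority}/.well-known/openid-configuration.
        options.Authority = AdfsAuthority;
        options.RequireHttpsMetadata = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = AccessTokenIssuer,
            ValidateAudience = true,          // reject tokens minted for other APIs
            ValidAudience = ApiIdentifier,
            ValidateLifetime = true,
            RequireExpirationTime = true,
            ClockSkew = TimeSpan.FromMinutes(2),
            RequireSignedTokens = true,
            ValidateIssuerSigningKey = true,
            // Pin the algorithm so "none" or HMAC-signed tokens are refused.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
        };
    });

// Deny by default: every endpoint needs a valid token unless it opts out.
builder.Services.AddAuthorization(options =>
    options.FallbackPolicy = new AuthorizationPolicyBuilder()
        .RequireAuthenticatedUser().Build());

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
// Diagnostic endpoint: echoes the claims ADFS placed in the validated token.
app.MapGet("/whoami", (ClaimsPrincipal user) =>
    Results.Ok(user.Claims.Select(c => new { c.Type, c.Value })));
app.Run();
```

If validation fails with an issuer or audience mismatch, compare the `iss` and `aud` claims of a real token against the two constants before loosening any check.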
