user2029432

Reputation: 3

Sustainsys.Saml2.Owin: how to invoke UseSaml2Authentication with multiple sets of different Saml2AuthenticationOptions

I am new to Saml2 so please forgive me if I don't get the terminology quite right. I have been tasked with implementing SSO in our application. I have a situation similar to this question. In our application, a user enters their username and I then need to authenticate to the appropriate IdP for that user. However, Saml2AuthenticationOptions.SPOptions.EntityId is different for each one, as is the IdentityProvider.EntityId.

So what I was trying to do was something like

using System;
using System.Collections.Generic;
using System.Configuration;
using System.Security.Cryptography.X509Certificates;
using System.Web.Hosting;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Sustainsys.Saml2.Owin;

// One Saml2AuthenticationOptions per identity provider, keyed by a provider name.
private static Dictionary<string, Saml2AuthenticationOptions> _saml2OptionsDict = new Dictionary<string, Saml2AuthenticationOptions>();

public void ConfigureAuth(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

    app.UseCookieAuthentication(new CookieAuthenticationOptions());

    app.Properties["host.AppName"] = "AppName";

    ConfigureIdentityProvider("provider1", "SamlEntityId.1", "IdPEntityId.1", "MetadataUrl.1", "ECMCLoantrackerDev.cer");
    ConfigureIdentityProvider("provider2", "SamlEntityId.2", "IdPEntityId.2", "MetadataUrl.2", "LT Test app.cer");

    // Registers the Saml2 middleware twice, once per set of options.
    app.UseSaml2Authentication(GetSaml2Options("provider1"));
    app.UseSaml2Authentication(GetSaml2Options("provider2"));
}

private void ConfigureIdentityProvider(string providerKey, string samlEntityIdKey, string idpEntityIdKey, string metadataUrlKey, string certName)
{
    // false: do not read the <sustainsys.saml2> section from web.config; everything is set in code.
    // AuthenticationType is not set, so both options keep the library's default value.
    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = new Sustainsys.Saml2.Configuration.SPOptions
        {
            // The SP entity id differs per provider; the return URL is shared.
            EntityId = new Sustainsys.Saml2.Metadata.EntityId(ConfigurationManager.AppSettings[samlEntityIdKey]),
            ReturnUrl = new Uri(ConfigurationManager.AppSettings["ExternalLoginCallbackUrl"])
        }
    };

    var idp = new Sustainsys.Saml2.IdentityProvider(
        new Sustainsys.Saml2.Metadata.EntityId(ConfigurationManager.AppSettings[idpEntityIdKey]),
        saml2Options.SPOptions)
    {
        MetadataLocation = ConfigurationManager.AppSettings[metadataUrlKey],
        Binding = Sustainsys.Saml2.WebSso.Saml2BindingType.HttpRedirect
    };

    // The IdP signing certificate is loaded from App_Data and pinned as a configured key.
    idp.SigningKeys.AddConfiguredKey(
        new X509Certificate2(
            HostingEnvironment.MapPath(
                "~/App_Data/" + certName)));

    saml2Options.IdentityProviders.Add(idp);

    _saml2OptionsDict[providerKey] = saml2Options;
}

public static Saml2AuthenticationOptions GetSaml2Options(string providerKey)
{
    return _saml2OptionsDict.ContainsKey(providerKey) ? _saml2OptionsDict[providerKey] : null;
}

I believe what I need to do then is a lookup based on the user name for which options to use, and pass that along to the challenge, something like

var saml2Options = Startup.GetSaml2Options(provider);
HttpContext.GetOwinContext().Authentication.Challenge(new AuthenticationProperties { RedirectUri = "/Account/ExternalLoginCallback" }, saml2Options.AuthenticationType);

But I'm stuck on invoking UseSaml2Authentication multiple times. If I do just one or the other, everything is fine except of course for those users not being able to authenticate. So one IdP works, but not multiple.

Again, as I said, I am just a beginner at this, so is what I'm trying to do even possible?

Upvotes: 0

Views: 44
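The following is an added example, not code from the original post, showing how two independent Sustainsys.Saml2 OWIN middlewares are normally registered side by side: each one gets its own `AuthenticationType` (the name that `Challenge()` targets) and its own `SPOptions.ModulePath` (the URL prefix under which that middleware, and only that middleware, accepts SAML responses at `<ModulePath>/Acs`). The provider names, the `AppSettings` keys, the certificate file names, the `DomainToProvider` mapping from e-mail domain to provider and the `AccountController` action are all assumptions made for illustration; the SP entity id and the resulting ACS URL of each middleware must match what is registered at the corresponding IdP.

```csharp
// Added example (not from the original post). Assumed names: "provider1"/"provider2",
// the AppSettings keys, the .cer file names, the DomainToProvider map and AccountController.
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.Hosting;
using System.Web.Mvc;
using Microsoft.Owin.Security;
using Microsoft.Owin.Security.Cookies;
using Owin;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Configuration;
using Sustainsys.Saml2.Metadata;
using Sustainsys.Saml2.Owin;
using Sustainsys.Saml2.WebSso;

public class Startup
{
    // providerKey -> the options registered for that provider.
    private static readonly Dictionary<string, Saml2AuthenticationOptions> Providers =
        new Dictionary<string, Saml2AuthenticationOptions>(StringComparer.OrdinalIgnoreCase);

    // Assumed mapping from the user's e-mail domain to a provider key (constructed sample data).
    private static readonly Dictionary<string, string> DomainToProvider =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "example-one.com", "provider1" },
            { "example-two.org", "provider2" },
        };

    public void ConfigureAuth(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
        app.UseCookieAuthentication(new CookieAuthenticationOptions());

        // Two middlewares with distinct AuthenticationType and ModulePath values.
        app.UseSaml2Authentication(BuildOptions("provider1", "SamlEntityId.1", "IdPEntityId.1", "MetadataUrl.1", "provider1.cer"));
        app.UseSaml2Authentication(BuildOptions("provider2", "SamlEntityId.2", "IdPEntityId.2", "MetadataUrl.2", "provider2.cer"));
    }

    private static Saml2AuthenticationOptions BuildOptions(string providerKey, string spEntityIdKey,
        string idpEntityIdKey, string metadataUrlKey, string certFile)
    {
        var options = new Saml2AuthenticationOptions(false)
        {
            // Unique per middleware: Challenge(..., authenticationType) selects by this name.
            AuthenticationType = "Saml2-" + providerKey,
            SPOptions = new SPOptions
            {
                EntityId = new EntityId(ConfigurationManager.AppSettings[spEntityIdKey]),
                ReturnUrl = new Uri(ConfigurationManager.AppSettings["ExternalLoginCallbackUrl"]),
                // Unique per middleware: ACS becomes /Saml2-provider1/Acs, /Saml2-provider2/Acs.
                // Each middleware only processes requests under its own ModulePath.
                ModulePath = "/Saml2-" + providerKey
            }
        };

        var idp = new IdentityProvider(new EntityId(ConfigurationManager.AppSettings[idpEntityIdKey]), options.SPOptions)
        {
            Binding = Saml2BindingType.HttpRedirect,
            MetadataLocation = ConfigurationManager.AppSettings[metadataUrlKey],
            // Fetch the SSO endpoint from metadata (set after MetadataLocation so that URL is used).
            LoadMetadata = true,
            // Reject IdP-initiated responses unless that provider explicitly needs them.
            AllowUnsolicitedAuthnResponse = false
        };

        // Pin the IdP signing certificate shipped with the app as an explicit trust anchor.
        idp.SigningKeys.AddConfiguredKey(
            new X509Certificate2(HostingEnvironment.MapPath("~/App_Data/" + certFile)));
        options.IdentityProviders.Add(idp);

        Providers[providerKey] = options;
        return options;
    }

    // Returns the AuthenticationType to challenge for this user, or null if the
    // user's domain is not mapped to a configured provider (do not fall back to a default IdP).
    public static string ResolveAuthenticationType(string userName)
    {
        if (string.IsNullOrEmpty(userName)) return null;
        var at = userName.LastIndexOf('@');
        if (at < 0 || at == userName.Length - 1) return null;
        var domain = userName.Substring(at + 1);
        string providerKey;
        Saml2AuthenticationOptions opts;
        return DomainToProvider.TryGetValue(domain, out providerKey)
            && Providers.TryGetValue(providerKey, out opts)
            ? opts.AuthenticationType
            : null;
    }
}

public class AccountController : Controller
{
    // Assumed login action: the user has entered a user name, and we challenge the matching middleware.
    [HttpPost]
    public ActionResult ExternalLogin(string userName)
    {
        var authType = Startup.ResolveAuthenticationType(userName);
        if (authType == null)
        {
            return new HttpUnauthorizedResult("No identity provider configured for this account.");
        }
        HttpContext.GetOwinContext().Authentication.Challenge(
            new AuthenticationProperties { RedirectUri = "/Account/ExternalLoginCallback" },
            authType);
        return new HttpUnauthorizedResult();
    }
}
```

With the default values left in place, both middlewares would share the same `AuthenticationType` and the same `/Saml2` module path, so a challenge or an incoming response cannot be attributed to one of them; giving each its own pair of values is what makes the second registration distinguishable. Each IdP must be registered with the SP entity id and the ACS URL of its own middleware, and a user whose domain resolves to no provider should be refused rather than silently sent to a default one.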

Answers (0)
