0 votes

I am very new to SAML and I need some clarification.

I have one ASP.NET MVC application. Now I want to use the Tableau APIs and show some charts. I want to bypass the authentication for Tableau using SAML SSO. My need is something like:

  1. My application / Tableau Server acts as the SAML SP over HTTP.
  2. The SP redirects the user to the IdP to authenticate.
  3. The SAML IdP redirects the user back to the SAML SP with the authentication result and the original request proceeds.
  4. The SAML SP tells Tableau Trusted Authentication that the user has authenticated successfully.
  5. Trusted Authentication issues the user a trust ticket.
  6. The user is able to access (authorized) Tableau views/content.

I need to create the IdP for this purpose.

Any step-by-step description or code sample will be helpful. Could you please shed some light on how to use SAML?

Thanks, Anish.

2 Answers

2 votes

SAML enables a website (the service provider) to request that a user log on at another domain (the identity provider). There are many ways to achieve this.

It's not exactly clear from your wording what you're trying to achieve. I think you mean that you wish a user of your ASP.NET application to be logged into another application using their ASP.NET application session/credentials; in that case your ASP.NET application is the IdP and the other application is the SP. There are a couple of options:

  1. The ASP.NET application could push a SAML assertion containing information about the user to the other application's SAML SSO endpoint, or
  2. The other application could direct the user to the ASP.NET application with a SAML request asking it to authenticate the user and return a SAML assertion.

Does that clear a few things up?

1 vote

In terms of a SAML IdP, look at:

  • ADFS
  • OpenAM
  • Shibboleth
  • SimpleSAMLphp

SAML is a complicated protocol, so there is no such thing as a simple SAML IdP.

In .NET, there is no open source server-side SAML stack that you can use.

On top of which, your IdP needs a credential store to authenticate against. What do you propose to use? e.g.

  • AD
  • SQL DB
  • LDAP

And this Tableau application must have some kind of authorization, e.g. who can do what, who has access, who can edit, etc.

This is provided by the IdP in the form of attributes in the SAML assertion inside the token.
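To make the two answers concrete, here is an added example (not code from the question or either answer) of the SP-initiated exchange the first answer describes in option 2, and of the attribute-carrying assertion the second answer refers to. The IdP side builds a SAML 2.0 assertion in response to an AuthnRequest ID; the SP side performs the checks a real SP must make before trusting it: expected issuer, validity window with clock skew, AudienceRestriction, bearer SubjectConfirmation with the right Recipient and an InResponseTo that matches an outstanding request, and a replay cache keyed on the assertion ID. The XML-DSig signature an IdP puts on the assertion, and its verification on the SP, are deliberately left out (they need a library such as signxml) and would run before consume(). All entity IDs, URLs, attribute names, the user name and the timestamps are constructed for the example.

```python
"""SAML 2.0 assertion: IdP-side issuance and SP-side validation (stdlib only).
Constructed example; signature creation/verification is omitted."""
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
BEARER = "urn:oasis:names:tc:SAML:2.0:cm:bearer"
ET.register_namespace("saml", SAML_NS)

# Assumed identifiers for the demo (not from the original page).
IDP_ID = "https://idp.example.com/saml"
SP_ID = "https://sp.example.com/saml"
ACS = "https://sp.example.com/saml/acs"


def _q(tag):          # namespace-qualified tag name
    return "{%s}%s" % (SAML_NS, tag)


def _fmt(dt):         # xs:dateTime in UTC, as SAML expects
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")


def _parse(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_assertion(issuer, name_id, audience, recipient, in_response_to,
                    attributes, now, lifetime_s=300):
    """IdP side: build the assertion answering one AuthnRequest (unsigned here)."""
    a = ET.Element(_q("Assertion"), {"ID": "_" + uuid.uuid4().hex,
                                     "Version": "2.0", "IssueInstant": _fmt(now)})
    ET.SubElement(a, _q("Issuer")).text = issuer
    subj = ET.SubElement(a, _q("Subject"))
    ET.SubElement(subj, _q("NameID")).text = name_id
    sc = ET.SubElement(subj, _q("SubjectConfirmation"), {"Method": BEARER})
    ET.SubElement(sc, _q("SubjectConfirmationData"), {
        "InResponseTo": in_response_to, "Recipient": recipient,
        "NotOnOrAfter": _fmt(now + timedelta(seconds=lifetime_s))})
    cond = ET.SubElement(a, _q("Conditions"), {
        "NotBefore": _fmt(now), "NotOnOrAfter": _fmt(now + timedelta(seconds=lifetime_s))})
    ET.SubElement(ET.SubElement(cond, _q("AudienceRestriction")), _q("Audience")).text = audience
    ET.SubElement(a, _q("AuthnStatement"), {"AuthnInstant": _fmt(now)})
    stmt = ET.SubElement(a, _q("AttributeStatement"))
    for name, values in attributes.items():       # authorization data, e.g. group membership
        attr = ET.SubElement(stmt, _q("Attribute"), {"Name": name})
        for v in values:
            ET.SubElement(attr, _q("AttributeValue")).text = v
    return ET.tostring(a, encoding="unicode")


class ServiceProvider:
    def __init__(self, entity_id, acs_url, idp_issuer, skew_s=60):
        self.entity_id, self.acs_url, self.idp_issuer = entity_id, acs_url, idp_issuer
        self.skew = timedelta(seconds=skew_s)
        self.pending = set()   # AuthnRequest IDs we issued and have not yet consumed
        self.seen = set()      # assertion IDs already accepted (replay cache)

    def new_request_id(self):
        rid = "_" + uuid.uuid4().hex
        self.pending.add(rid)
        return rid

    def consume(self, xml, now):
        """SP side: validate a (signature-verified) assertion; return (name_id, attributes)."""
        a = ET.fromstring(xml)
        if a.tag != _q("Assertion"):
            raise ValueError("not an Assertion")
        if a.get("ID") in self.seen:
            raise ValueError("replayed assertion")
        if a.findtext(_q("Issuer")) != self.idp_issuer:
            raise ValueError("unexpected issuer")
        cond = a.find(_q("Conditions"))
        if cond is None:
            raise ValueError("missing Conditions")
        if now + self.skew < _parse(cond.get("NotBefore")):
            raise ValueError("assertion not yet valid")
        if now - self.skew >= _parse(cond.get("NotOnOrAfter")):
            raise ValueError("assertion expired")
        if self.entity_id not in [e.text for e in cond.iter(_q("Audience"))]:
            raise ValueError("audience mismatch")
        scd = None
        for sc in a.iter(_q("SubjectConfirmation")):
            if sc.get("Method") == BEARER:
                scd = sc.find(_q("SubjectConfirmationData"))
        if scd is None:
            raise ValueError("no bearer SubjectConfirmation")
        if scd.get("Recipient") != self.acs_url:
            raise ValueError("recipient mismatch")
        if now - self.skew >= _parse(scd.get("NotOnOrAfter")):
            raise ValueError("bearer confirmation expired")
        if scd.get("InResponseTo") not in self.pending:
            raise ValueError("InResponseTo does not match an outstanding request")
        self.pending.discard(scd.get("InResponseTo"))
        self.seen.add(a.get("ID"))
        name_id = a.find(_q("Subject")).findtext(_q("NameID"))
        attrs = {at.get("Name"): [v.text for v in at.findall(_q("AttributeValue"))]
                 for at in a.iter(_q("Attribute"))}
        return name_id, attrs


def demo():
    """Happy path: SP issues a request ID, IdP answers it, SP accepts."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)   # constructed clock
    sp = ServiceProvider(SP_ID, ACS, IDP_ID)
    xml = build_assertion(IDP_ID, "anish", SP_ID, ACS, sp.new_request_id(),
                          {"groups": ["Viewer"]}, now)
    return sp.consume(xml, now + timedelta(seconds=5))


def demo_rejections():
    """Replay, stale and wrong-audience assertions are refused; returns the reasons."""
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    sp = ServiceProvider(SP_ID, ACS, IDP_ID)
    good = build_assertion(IDP_ID, "anish", SP_ID, ACS, sp.new_request_id(), {}, now)
    sp.consume(good, now)
    cases = {
        "replay": (good, now),
        "expired": (build_assertion(IDP_ID, "anish", SP_ID, ACS, sp.new_request_id(), {},
                                    now - timedelta(hours=1)), now),
        "audience": (build_assertion(IDP_ID, "anish", "https://other.example.com", ACS,
                                     sp.new_request_id(), {}, now), now),
    }
    errors = {}
    for label, (xml, when) in cases.items():
        try:
            sp.consume(xml, when)
        except ValueError as e:
            errors[label] = str(e)
    return errors


if __name__ == "__main__":
    print(demo())
    print(demo_rejections())
```

The InResponseTo check is what distinguishes the SP-initiated flow (option 2 in the first answer) from an IdP-initiated push (option 1): in the push case there is no outstanding request ID, so an SP that accepts unsolicited assertions has to rely on the replay cache and the short validity window instead. Tableau's trusted-ticket step that the question lists after this point is a separate call to Tableau Server and is not shown.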