11
votes

Does Thinktecture IdentityServer V3 have support for SAML or does it only support OAuth?

4 Answers

11
votes

IdentityServer v3 supports any Katana-compatible Owin middleware for authentication. With a compatible middleware for SAML2 such as Kentor.AuthServices, IdentityServer 3 can authenticate against external SAML2 Identity Providers, with Idsrv acting as a SAML2 Service Provider. I wrote a blog post on how to do it.

There's also a plugin interface which would allow IdentityServer v3 to act as a SAML2 Identity Provider, but as far as I know there's no implementation available.

2
votes

There is Owin middleware to support the SAML protocol that you can use with IdentityServer v3. It does not yet support all flows, but it is being used in a couple of implementations. Full disclosure - I am the author of this code, which was forked from a previous SAML2 library on CodePlex.

1
votes

OpenID Connect, OAuth2, WS-Fed.

@DavidEdwards - no - IdentityServer2 has no SAML support OOTB.

I normally get around this by:

IdentityServer --> WS-Fed --> ADFS --> SAML --> IDP

1
votes

Nope! No SAML.

leastPrivilege.com

In the article Dominick says... "Having spent a considerable amount of time in the WS*/SAML world, it became more and more apparent that these technologies are not a good match for the modern types of applications that we (and our customers) like to build."

They focused on OpenID Connect and OAuth2.