I have a SaaS app built with ASP.NET MVC 5 and I've several clients accessing my app through forms authentication and that works fine, but one of my clients that is a big enterprise company, required me to implement single sign-on. I'm not sure what I need to install/implement on my side. This client required the use of federation, it must be implemented via industry standard WS-Federation and I have to expose WS-Federation Metadata via a web protocol endpoint to be accessible by their IDP. They also required the use of SAML 2.0 HTTP Artifact Binding.
2 Answers
Typically, you only need to generate the metadata once and then make it available to the IdP either via a URL or as an XML file. The metadata will contain information about your SP, such as audience, redirect URL, what assertions you require, certificate keys, etc. The idea is that the person setting it up on the IdP side does not have to enter them manually and can simply import the metadata; this also saves them from updating the settings for your SP if anything changes (e.g. your certificate keys). But, configuring WS-Federation (within ADFS on their side, I assume) is possible if you can convince them that setting up the metadata will be a big endeavour. The three basic pieces of information that you need to provide them are:
- Your realm (an identifier for your SP)
- Your reply URL (where the IdP will post-back the SAML)
- The assertions that you want in the SAML (username, email address, etc.)
You can also use an online tool to generate a one-off metadata that you can then host on your site or share with the IdP by email.
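As an added illustration of what the answer above describes (not code from the answer's author), the following Python builds a minimal SAML 2.0 SP metadata document from exactly the three pieces of information listed, realm (entityID), reply URL(s) and requested attributes, plus the SP signing certificate, and then reads those same values back out so you can check what an IdP administrator would import. The entity ID, URLs, certificate text and attribute names are constructed placeholders, not values from the question.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Namespaces defined by the OASIS SAML 2.0 metadata specification.
NS_MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS_DS = "http://www.w3.org/2000/09/xmldsig#"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
BINDING_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
BINDING_ARTIFACT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"

ET.register_namespace("md", NS_MD)
ET.register_namespace("ds", NS_DS)


def build_sp_metadata(entity_id, acs_urls, signing_cert_b64, attributes):
    """Return an SP EntityDescriptor as XML text.

    entity_id        the SP's realm / identifier
    acs_urls         {binding_uri: reply_url}; the first entry becomes the default ACS
    signing_cert_b64 base64 DER of the SP signing certificate (no PEM header/footer)
    attributes       SAML attribute names the SP wants in the assertion
    """
    ed = ET.Element(f"{{{NS_MD}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(ed, f"{{{NS_MD}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": "true",
        # Tell the IdP we will reject unsigned assertions.
        "WantAssertionsSigned": "true",
    })
    kd = ET.SubElement(sp, f"{{{NS_MD}}}KeyDescriptor", {"use": "signing"})
    x509 = ET.SubElement(ET.SubElement(kd, f"{{{NS_DS}}}KeyInfo"), f"{{{NS_DS}}}X509Data")
    ET.SubElement(x509, f"{{{NS_DS}}}X509Certificate").text = signing_cert_b64
    # One AssertionConsumerService per binding; schema order puts these before
    # AttributeConsumingService.
    for index, (binding, url) in enumerate(acs_urls.items()):
        ET.SubElement(sp, f"{{{NS_MD}}}AssertionConsumerService", {
            "Binding": binding, "Location": url,
            "index": str(index), "isDefault": "true" if index == 0 else "false"})
    acs = ET.SubElement(sp, f"{{{NS_MD}}}AttributeConsumingService", {"index": "0"})
    ET.SubElement(acs, f"{{{NS_MD}}}ServiceName", {XML_LANG: "en"}).text = entity_id
    for name in attributes:
        ET.SubElement(acs, f"{{{NS_MD}}}RequestedAttribute", {"Name": name, "isRequired": "true"})
    return ET.tostring(ed, encoding="unicode")


def summarize_sp_metadata(xml_text):
    """Read back the realm, reply URLs and attributes, and check every reply
    URL is HTTPS (an assertion posted to a plain-HTTP ACS can be intercepted).
    Metadata received from the other party should be parsed with defusedxml
    instead of the stdlib parser; here we only parse what we generated."""
    root = ET.fromstring(xml_text)
    ns = {"md": NS_MD}
    reply_urls = [e.get("Location") for e in
                  root.findall("md:SPSSODescriptor/md:AssertionConsumerService", ns)]
    attrs = [e.get("Name") for e in root.findall(
        "md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute", ns)]
    return {
        "realm": root.get("entityID"),
        "reply_urls": reply_urls,
        "attributes": attrs,
        "https_only": all(urlparse(u).scheme == "https" for u in reply_urls),
    }


# Constructed sample values for the example; replace with your own.
SAMPLE_ENTITY_ID = "https://app.example.com/saml"
SAMPLE_ACS = {BINDING_POST: "https://app.example.com/saml/acs",
              BINDING_ARTIFACT: "https://app.example.com/saml/artifact"}
SAMPLE_CERT_B64 = "PLACEHOLDER-BASE64-DER-CERTIFICATE"
SAMPLE_ATTRS = ["email", "uid"]

if __name__ == "__main__":
    doc = build_sp_metadata(SAMPLE_ENTITY_ID, SAMPLE_ACS, SAMPLE_CERT_B64, SAMPLE_ATTRS)
    print(doc)
    print(summarize_sp_metadata(doc))
```

Serving the output of `build_sp_metadata` from a fixed URL (or mailing the file) is all the "metadata endpoint" amounts to for the SAML case; the same three values are what you would type into the IdP by hand if metadata import is off the table.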
So you are acting as an IDP?
You would either use WS-Fed or SAML 2.0. You would not use both.
For both protocols, you need a server side stack.
Not aware of any WS-Fed server side stack but for SAML you could use the one from ComponentSpace. That supports artifact binding.
Be aware that this is the most difficult SAML binding to get working since it requires an out-of-band SOAP connection as well.
Ask if they support HTTP POST or Redirect bindings.
Your other alternative is to use something like Auth0 or Okta.
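To make the "out-of-band SOAP connection" concrete, here is an added Python example (not from the answer's author and not ComponentSpace code) showing the two things the SP must do with an HTTP Artifact that a stack such as ComponentSpace does for you: decode the 44-byte SAML 2.0 type-0004 artifact and check that its SourceID (the SHA-1 of the issuer's entity ID) belongs to a trusted IdP before resolving it, then build the `ArtifactResolve` SOAP message that goes over the back channel. The IdP entity IDs and the artifact itself are constructed for the example; a real ArtifactResolve would also be signed and sent over mutually authenticated TLS.

```python
import base64
import hashlib
import os
import secrets
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS_SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
NS_SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS_SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
ET.register_namespace("samlp", NS_SAMLP)
ET.register_namespace("saml", NS_SAML)
ET.register_namespace("soap-env", NS_SOAP)

# SAML 2.0 Bindings 3.6.4: TypeCode(2) + EndpointIndex(2) + SourceID(20) + MessageHandle(20)
TYPE_CODE_0004 = b"\x00\x04"
ARTIFACT_LEN = 44


def source_id_for(entity_id):
    """SourceID is the SHA-1 of the issuing entity's entity ID."""
    return hashlib.sha1(entity_id.encode("utf-8")).digest()


def build_artifact(issuer_entity_id, endpoint_index=0, message_handle=None):
    """Constructed for the example: in practice the IdP mints the artifact."""
    handle = message_handle if message_handle is not None else os.urandom(20)
    raw = TYPE_CODE_0004 + endpoint_index.to_bytes(2, "big") + source_id_for(issuer_entity_id) + handle
    return base64.b64encode(raw).decode("ascii")


def parse_artifact(artifact_b64, trusted_idp_entity_ids):
    """Decode an artifact and refuse anything not minted by a trusted IdP."""
    raw = base64.b64decode(artifact_b64, validate=True)
    if len(raw) != ARTIFACT_LEN:
        raise ValueError("artifact is not 44 bytes")
    if raw[:2] != TYPE_CODE_0004:
        raise ValueError("unsupported artifact type code")
    endpoint_index = int.from_bytes(raw[2:4], "big")
    source_id, handle = raw[4:24], raw[24:44]
    by_source = {source_id_for(e): e for e in trusted_idp_entity_ids}
    issuer = by_source.get(source_id)
    if issuer is None:
        # Unknown SourceID: do not open a back-channel connection for it.
        raise ValueError("artifact SourceID does not match any trusted IdP")
    return {"issuer": issuer, "endpoint_index": endpoint_index, "message_handle": handle.hex()}


def accept_artifact(artifact_b64, trusted_idp_entity_ids):
    """Boolean wrapper around parse_artifact for callers that just gate on trust."""
    try:
        parse_artifact(artifact_b64, trusted_idp_entity_ids)
        return True
    except ValueError:
        return False


def build_artifact_resolve(sp_entity_id, artifact_b64):
    """SOAP envelope carrying samlp:ArtifactResolve for the IdP's
    ArtifactResolutionService (the endpoint chosen by endpoint_index)."""
    env = ET.Element(f"{{{NS_SOAP}}}Envelope")
    body = ET.SubElement(env, f"{{{NS_SOAP}}}Body")
    req = ET.SubElement(body, f"{{{NS_SAMLP}}}ArtifactResolve", {
        "ID": "_" + secrets.token_hex(16),
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    })
    ET.SubElement(req, f"{{{NS_SAML}}}Issuer").text = sp_entity_id
    ET.SubElement(req, f"{{{NS_SAMLP}}}Artifact").text = artifact_b64
    return ET.tostring(env, encoding="unicode")


# Constructed sample entity IDs for the example.
TRUSTED_IDP = "https://idp.example.com/adfs/services/trust"
SP_ENTITY_ID = "https://app.example.com/saml"

if __name__ == "__main__":
    art = build_artifact(TRUSTED_IDP)
    print(parse_artifact(art, [TRUSTED_IDP]))
    print(build_artifact_resolve(SP_ENTITY_ID, art))
```

Note that the artifact carries no assertion at all; the browser only ever sees this opaque handle, and the actual `ArtifactResponse` with the assertion comes back on the SOAP call, which is why the SP needs outbound connectivity to the IdP (and the IdP's metadata must list an `ArtifactResolutionService`) before this binding can work.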