2
votes

Our service provider asked for the following information for the SAML integration.

This is my first time working with SAML. I need to build the identity provider, and I'd like to use ASP.NET Core Identity for user authentication.

If I understand it right, the flow would be:

  1. From the service provider site, they have a button to sign in with SAML SSO
  2. Clicking the button redirects to the identity provider's login page
  3. Enter username and password and authenticate against our database using ASP.NET Core Identity
  4. If successful, return the claim information
  5. Logged in to the service provider site

I've researched and found several open-source SAML integrations with ASP.NET Core such as Sustainsys or ITfoxtec. Sustainsys has several samples and it seems like SampleIdentityServer4AspNetIdentity is the way to go.

  1. Is it the right one to build an identity provider with .NET Identity?
  2. What are new EntityId("https://localhost:44342/Saml2") and new EntityId("http://localhost:52071/Metadata") in Startup.cs and where can I get those values?

Any guidance would be appreciated.


1 Answer

1
vote

The login flow you describe is correct.

It is possible to build an identity provider using the ITfoxtec.Identity.Saml2 package and ASP.NET Core Identity. I have implemented identity providers using the ITfoxtec.Identity.Saml2 package a number of times. But you need to be aware of implementing a secure solution; it needs to be done right, otherwise you will leave the hacker a bunch of possibilities :)

The new EntityId("https://localhost:44342/Saml2") is the identity provider's ID, which you define yourself.

A link to an ASP.NET Core identity provider sample application: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestIdPCore. However, the sample application is not using ASP.NET Core Identity.
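The five-step flow from the question and the EntityId point from the answer, as an added example that is not part of the original post and is not ITfoxtec or Sustainsys code. It is written in Python with only the standard library so the exchange can be run and inspected offline; in the real solution the same steps are done by the SAML library in C#. The two localhost EntityIds and endpoint URLs are hypothetical, in the shape the question quotes: the IdP's EntityId (https://localhost:44342/Saml2) is the value you choose and publish in your own metadata, and it shows up as the Issuer of every Response and Assertion; the SP's EntityId (http://localhost:52071/Metadata) is whatever the service provider publishes in its metadata, and it shows up as the Issuer of the AuthnRequest and as the Audience of the Assertion. XML-DSig signing and verification are deliberately omitted, so this is not a usable IdP; the checks that are shown (SP registered, ACS URL taken from metadata rather than from the request, InResponseTo, Destination, expiry, Audience) are the ones that make the "done right" remark in the answer concrete.

```python
"""Added example (not ITfoxtec/Sustainsys code): minimal SP-initiated SAML 2.0 login,
stdlib only. XML-DSig signing/verification is omitted; a real IdP and SP must do it."""
import base64
import uuid
import zlib
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted XML in production
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlencode, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
NS = {"samlp": SAMLP, "saml": SAML}
# Hypothetical EntityIds, in the shape quoted in the question. Each party picks
# its own EntityId; the peer learns it and the endpoint URLs from metadata.
IDP_ENTITY_ID = "https://localhost:44342/Saml2"
IDP_SSO_URL = "https://localhost:44342/Saml2/Login"
SP_ENTITY_ID = "http://localhost:52071/Metadata"
SP_ACS_URL = "http://localhost:52071/Saml2/Acs"
REGISTERED_SPS = {SP_ENTITY_ID: {"acs": SP_ACS_URL}}  # IdP's view of SP metadata (constructed)

def _ts(dt):
    return dt.strftime("%Y-%m-%dT%H:%M:%SZ")
def _parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def sp_build_authn_request():
    """SP side (steps 1-2): build an AuthnRequest and the HTTP-Redirect URL carrying it."""
    req_id = "_" + uuid.uuid4().hex
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", ID=req_id, Version="2.0",
                      IssueInstant=_ts(datetime.now(timezone.utc)),
                      Destination=IDP_SSO_URL, AssertionConsumerServiceURL=SP_ACS_URL)
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID  # the SP's EntityId
    comp = zlib.compressobj(wbits=-15)  # raw DEFLATE, as the Redirect binding requires
    deflated = comp.compress(ET.tostring(root)) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})
    return req_id, f"{IDP_SSO_URL}?{query}"

def idp_parse_authn_request(redirect_url):
    """IdP side (step 2): decode the request and check the SP against its metadata."""
    qs = parse_qs(urlparse(redirect_url).query)
    root = ET.fromstring(zlib.decompress(base64.b64decode(qs["SAMLRequest"][0]), -15))
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    sp = REGISTERED_SPS.get(issuer)
    if sp is None:
        raise ValueError(f"unknown SP EntityId {issuer!r}")
    # Never honour an ACS URL taken from the request alone: an attacker could
    # otherwise have the user's assertion posted to a URL they control.
    if root.get("AssertionConsumerServiceURL") != sp["acs"]:
        raise ValueError("AssertionConsumerServiceURL does not match SP metadata")
    return {"id": root.get("ID"), "sp_entity_id": issuer, "acs": sp["acs"]}

def idp_build_response(parsed, name_id, attrs):
    """IdP side (step 4): after the local login succeeded, issue the Response."""
    now = datetime.now(timezone.utc)
    resp = ET.Element(f"{{{SAMLP}}}Response", ID="_" + uuid.uuid4().hex, Version="2.0",
                      IssueInstant=_ts(now), Destination=parsed["acs"], InResponseTo=parsed["id"])
    ET.SubElement(resp, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID  # the IdP's EntityId
    status = ET.SubElement(resp, f"{{{SAMLP}}}Status")
    ET.SubElement(status, f"{{{SAMLP}}}StatusCode", Value="urn:oasis:names:tc:SAML:2.0:status:Success")
    a = ET.SubElement(resp, f"{{{SAML}}}Assertion", ID="_" + uuid.uuid4().hex,
                      Version="2.0", IssueInstant=_ts(now))
    ET.SubElement(a, f"{{{SAML}}}Issuer").text = IDP_ENTITY_ID
    ET.SubElement(ET.SubElement(a, f"{{{SAML}}}Subject"), f"{{{SAML}}}NameID").text = name_id
    cond = ET.SubElement(a, f"{{{SAML}}}Conditions", NotOnOrAfter=_ts(now + timedelta(minutes=5)))
    aud = ET.SubElement(cond, f"{{{SAML}}}AudienceRestriction")
    ET.SubElement(aud, f"{{{SAML}}}Audience").text = parsed["sp_entity_id"]  # for this SP only
    stmt = ET.SubElement(a, f"{{{SAML}}}AttributeStatement")
    for name, value in attrs.items():
        attr = ET.SubElement(stmt, f"{{{SAML}}}Attribute", Name=name)
        ET.SubElement(attr, f"{{{SAML}}}AttributeValue").text = value
    # A real IdP signs the Assertion (XML-DSig) here, then POSTs the result to the ACS.
    return base64.b64encode(ET.tostring(resp)).decode()

def sp_consume_response(saml_response_b64, expected_request_id):
    """SP side (step 5): validate the Response (signature check omitted) and extract claims."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.findtext("saml:Issuer", namespaces=NS) != IDP_ENTITY_ID:
        raise ValueError("Response is not from the expected IdP")
    if root.get("InResponseTo") != expected_request_id:
        raise ValueError("InResponseTo does not match an outstanding request")
    if root.get("Destination") != SP_ACS_URL:
        raise ValueError("Response was not addressed to this ACS")
    a = root.find("saml:Assertion", NS)
    cond = a.find("saml:Conditions", NS)
    if datetime.now(timezone.utc) >= _parse_ts(cond.get("NotOnOrAfter")):
        raise ValueError("Assertion has expired")
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != SP_ENTITY_ID:
        raise ValueError("Assertion was issued for a different audience")
    attrs = {el.get("Name"): el.findtext("saml:AttributeValue", namespaces=NS)
             for el in a.findall("saml:AttributeStatement/saml:Attribute", NS)}
    return {"name_id": a.findtext("saml:Subject/saml:NameID", namespaces=NS), "attrs": attrs}

def run_flow(name_id="alice", attrs=None):
    req_id, url = sp_build_authn_request()
    parsed = idp_parse_authn_request(url)
    # ... here the IdP authenticates the user with ASP.NET Core Identity (step 3) ...
    resp = idp_build_response(parsed, name_id, attrs or {"email": "alice@example.com"})
    return sp_consume_response(resp, req_id)
```

Calling run_flow() walks one login end to end and returns the NameID and attributes the SP extracted. The point to carry over to the C# implementation is where each EntityId is used: the IdP's own EntityId is configuration you choose, while the SP's EntityId and its ACS URL must come from the SP's metadata and be looked up by the IdP, never copied from the incoming request.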