Dynamically load SAML2 IDP using Sustainsys-Saml2 and ASP.net Core

Question

What is the best way to dynamically load SAML2 IDP after ASP.net core web application has started?

So far I am able to dynamically add SAML2 IDP during runtime using following code:

//DI in Constructor 
public ClassName(IAuthenticationSchemeProvider schemeProvider,
    IOptionsMonitorCache<Saml2Options> optionsCache)
{
    _schemeProvider = schemeProvider;
    _optionsCache = optionsCache;
}

public async Task LoadIDP()
{
    ...
    _schemeProvider.AddScheme(new AuthenticationScheme(schemeName, schemeName,typeof(Saml2Handler)));

    _optionsCache.TryAdd(schemeName, new Saml2Options(){...});
}

This works but I am still struggling with dynamically loading when there are multiple instances of the App are running in a load-balancing environment.

Is it possible to query database to load config every time someone is trying to login using SAML2?

Anders Abel Anders Abel · Accepted Answer · 2020-09-15T18:11:27

Yes, use the GetIdentityProvider and SelectIdentityProvider notifications. Implementing them you can completely bypass the in memory collection. Note that it is a good idea to cache IdentityProvider objects, especially if you let them load Metadata or you will end up reloading Idp metadata on every request.

Dynamically load SAML2 IDP using Sustainsys-Saml2 and ASP.net Core

1 Answers