如何使用 SAML 对 Windows Forms 客户端进行身份验证?
[英]How to authenticate a Windows Forms client using SAML?
问题描述
I have been looking into using an identity provider (IDP) to provide user authentication for a Windows Forms client.
我一直在研究使用身份提供者 (IDP) 为 Windows Forms 客户端提供用户身份验证。 The user credentials will be hosted by Auth0.用户凭据将由 Auth0 托管。 After creating a trial account with Auth0 I have downloaded a sample C# Windows Forms client application that can be used to authenticate to the Auth0 IDP using OpenID Connect ("OIDC").使用 Auth0 创建试用帐户后,我下载了示例 C# Windows Forms 客户端应用程序,可用于使用 OpenID Connect (". The WinForms sample application pops up a web browser component, displays the Auth0 login screen, I login to the Auth0 IDP (having setup some test credentials in Auth0) and the WinForms application then is sent an authentication token. WinForms 示例应用程序会弹出一个 web 浏览器组件,显示 Auth0 登录屏幕,我登录到 Auth0 IDP(在 Auth0 中设置了一些测试凭据),然后向 WinForms 应用程序发送一个身份验证令牌。 All well and good, and if I try to login a second time I no longer need to enter my credentials.一切都很好,如果我再次尝试登录,我不再需要输入我的凭据。
However... the company that I will be fetching authentication data from in production would like to use SAML.但是......我将从生产中获取身份验证数据的公司希望使用 SAML。 Is there any way to do this?有没有办法做到这一点? Based on what I have read, SAML needs a "Service Provider" that will receive credentials from the IDP.根据我所阅读的内容,SAML 需要一个“服务提供者”来接收来自 IDP 的凭据。 The Service Provider is (typically?) a web site.服务提供商(通常?)是 web 站点。 That does not seem to match very well with what I am trying to do (authenticate a windows client).这似乎与我正在尝试做的事情不太匹配(验证 windows 客户端)。 Is there any way of using SAML to do essentially what I have done using OIDC (fetch authentication information for a user from an IDP)?有没有什么方法可以使用 SAML 来完成我使用 OIDC 所做的事情(从 IDP 获取用户的身份验证信息)? Would I need to develop a separate Service Provider component for this?我需要为此开发一个单独的服务提供者组件吗?
1 个解决方案
解决方案1
0 2021-01-28 19:26:43
Sounds like what you've done so far is fine architecturally:听起来你到目前为止所做的在架构上很好:
- A modern desktop app following OIDC standards符合 OIDC 标准的现代桌面应用程序
This puts you in a good position architecturally, where:这使您在架构上处于良好的 position 中,其中:
- Your app gets tokens from Auth0 using OIDC您的应用使用 OIDC 从 Auth0 获取令牌
- Auth0 can reach out and do federated authentication with other standards based identity providers, which could be SAML, OIDC, WS-Federation or anything else Auth0 可以与其他基于标准的身份提供者(可能是 SAML、OIDC、WS-Federation 或其他任何东西)进行联合身份验证并进行联合身份验证
- This can be done without changing any code in your app - and your app does not need to understand SAML这可以在不更改应用程序中的任何代码的情况下完成 - 您的应用程序不需要了解 SAML
Feels like you need to set up a federated connection from Auth0 to the SAML Service Provider, and most commonly this involves these steps:感觉您需要建立一个从 Auth0 到 SAML 服务提供者的联合连接,这通常涉及以下步骤:
- You give the partner your Entity Id and Response URL, to post tokens to您向合作伙伴提供您的实体 ID 和响应 URL,以将令牌发布到
- They give you am Entity Id, Public Key Certificate and request URL他们为您提供实体 ID、公钥证书并请求 URL
- You configure rules around account linking, so that users can be matched between their system and yours您围绕帐户链接配置规则,以便用户可以在他们的系统和您的系统之间进行匹配
There are prerequisites though, and the external identity provider needs to be SAML 2.0 compliant.但是有一些先决条件,并且外部身份提供者需要符合 SAML 2.0。 My Federated Logins Article may help you to understand the general concepts, though I do not drill into SAML details here.我的Federated Logins 文章可能会帮助您理解一般概念,但我不会在这里深入探讨 SAML 细节。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.