
How to use saml sso with webforms

I have a WebForms website and I need to integrate SAML SSO authentication. I searched a long time for any information, but there is so much different stuff about it that I can't properly identify the right things to do.

What I can say is that I have a FederationMetadata XML file, and I'm asking if I have all the information needed with it or if I need more information to achieve SSO authentication.

What I understood is:

I have to post an assertion request with some parameters. I don't understand some parameters and try to find them in the federationmetadata.xml file. Like the issuer? How to use the signing key? Use the encryption? Must I develop an IdP, and which tool must I use (Sustainsys for example)? I'm totally lost.

Thank you for your help.

The SAML metadata should include all the configuration information you require from the service provider. Similarly, your identity provider metadata should be all the configuration information required by the service provider.

The issuer field in SAML messages corresponds to the entity ID in the metadata.

I recommend looking at the open source and commercial products available rather than developing your own identity provider.
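As an added example (not code from the question or either answer), a small C# helper that reads the three things the question asks about out of an identity provider's federation metadata: the entityID that must match the Issuer of every assertion, the SingleSignOnService endpoints, and the signing certificate the service provider pins to verify assertion signatures. The class name IdpMetadata, the host idp.example.test and the placeholder certificate body are assumptions; the metadata is a constructed sample, so the certificate is listed but not loaded.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

// Hypothetical helper: pulls the values a service provider must pin from IdP metadata.
public class IdpMetadata
{
    static readonly XNamespace Md = "urn:oasis:names:tc:SAML:2.0:metadata";
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";

    public string EntityId;                                   // must equal <saml:Issuer> in every Response/Assertion
    public List<string> SigningCertsBase64 = new List<string>(); // certificates used to verify assertion signatures
    public Dictionary<string, string> SsoEndpoints = new Dictionary<string, string>(); // binding -> URL

    public static IdpMetadata Parse(string xml)
    {
        var entity = XDocument.Parse(xml).Root;
        if (entity == null || entity.Name != Md + "EntityDescriptor") throw new FormatException("root is not md:EntityDescriptor");
        var idp = entity.Element(Md + "IDPSSODescriptor");
        if (idp == null) throw new FormatException("no IDPSSODescriptor: this metadata does not describe an IdP");

        var m = new IdpMetadata { EntityId = (string)entity.Attribute("entityID") };
        foreach (var kd in idp.Elements(Md + "KeyDescriptor"))
        {
            var use = (string)kd.Attribute("use");
            if (use != null && use != "signing") continue;   // a missing "use" attribute means signing and encryption
            var cert = kd.Descendants(Ds + "X509Certificate").FirstOrDefault();
            if (cert != null) m.SigningCertsBase64.Add(cert.Value.Trim());
        }
        foreach (var sso in idp.Elements(Md + "SingleSignOnService"))
            m.SsoEndpoints[(string)sso.Attribute("Binding") ?? "unknown"] = (string)sso.Attribute("Location");
        // Without an entityID and a signing certificate there is nothing to check assertions against.
        if (string.IsNullOrEmpty(m.EntityId) || m.SigningCertsBase64.Count == 0)
            throw new FormatException("metadata lacks entityID or a signing certificate; trust cannot be established");
        return m;
    }

    public static void Main()
    {
        // Constructed sample metadata; the certificate body is a placeholder, not a real key.
        const string sample = @"<EntityDescriptor xmlns='urn:oasis:names:tc:SAML:2.0:metadata' entityID='https://idp.example.test/saml'>
  <IDPSSODescriptor protocolSupportEnumeration='urn:oasis:names:tc:SAML:2.0:protocol'>
    <KeyDescriptor use='signing'><KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'><X509Data><X509Certificate>MIIC...PLACEHOLDER...</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect' Location='https://idp.example.test/sso'/>
    <SingleSignOnService Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST' Location='https://idp.example.test/sso'/>
  </IDPSSODescriptor>
</EntityDescriptor>";
        var md = Parse(sample);
        Console.WriteLine("Issuer to expect: " + md.EntityId);
        foreach (var ep in md.SsoEndpoints) Console.WriteLine(ep.Key + " -> " + ep.Value);
        Console.WriteLine("Signing certificates found: " + md.SigningCertsBase64.Count);
    }
}
```

With real metadata, each base64 value would be passed to new X509Certificate2(Convert.FromBase64String(...)) and its thumbprint compared against the one your web.config trusts, which is the check that breaks when the IdP rotates certificates.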

Your question is a little fuzzy but I would like to help clarify some things. You may have made progress by now.

First, you're using WIF and need at least the WIF runtime installed. It comes with the WIF SDK. You're going to use the FedUtil tool.

You need the metadata file either as a file or at a URL which you can use to configure your side of the configuration. There are two instances of metadata.

  1. The metadata describing where the authentication / login occurs. This is what the FedUtil tool will inspect and use to know what claims are available (claims are the various bits of user information available to the web application from the successful login).

  2. The Metadata generated by the FedUtil tool which describes the web application on your side, so that the authentication side can be configured.

Note this metadata exchange happens in advance as a part of deployment, and it must be updated when certificates expire.

The FedUtil tool configures the web.config file so that access to the whole site is taken care of, so you can't access the site without first authenticating successfully. If you're using the standard ASP.NET identity stuff then you can access the logged-in user's details; otherwise you can access claims directly.

You don't need to do any assertion stuff yourself. This is all we needed to determine who had logged in: (note "usercode" is a claim provided to us).

((System.Security.Claims.ClaimsPrincipal)System.Threading.Thread.CurrentPrincipal).Claims.Where(x => x.Type == "usercode").Select(x => x.Value).FirstOrDefault();

Also note the list of claims in the web.config does not have any impact on the system; it's just there for reference and for the FedUtil tool to use again, I think.

Hopefully this helps.
