How should I implement SAMLP 2.0 in an ASP.NET MVC 4 service provider?

Question

I\'m developing an MVC 4 web application in C# and want to handle login using an existing SAML 2.0 identity provider. I am using HTTP POST binding with SimpleSAMLphp.

<

Answer 1

You're right in that WIF (now moved into core .NET under System.IdentityModel) only supports the SAML2 tokens and not the SAML2 protocols required to implement a service provider.

Kentor.AuthServices is an open source SP implementation for ASP.NET MVC built on top of .NET 4.5. Install the package and add some settings in web.config - no coding required.

Disclaimer: I'm the author of Kentor.AuthServices

Answer 2

As far as I know there is no support for SAML2P in WIF yet. I would suggest you implement it yourself.

You could use a library that implements SAML2P and use it in your MVC project. Some of the libraries you could use are OIOSAML.NET or commercial ComponentPro SAML.

Or there is an option to set an intermediate IAM. From MVC you set ideneity provider as this intermediate IAM using ws-* protocol (standard way implemented in visual studio). This IAM should be configured to relay your authentication messages to the IDP you want to use with SAML2P. After authenticating the user the IAM would only transform the claims and issue a new token that you MVC application trusts. Try to look at Shibboleth or ThinkTecture IdentityServer v2 (but the second does not implement SAML2P so you would have to add the support yourself). Or you could use ADFS2.

Answer 3

You need a library, unless you want to write it yourself. I've been working with https://www.nuget.org/packages/ITfoxtec.Saml2.Mvc.

Answer 4

How about http://www.nuget.org/packages/SAML2/ ? It says it's a fork from OIOSAML.NET.