Using Kentor.AuthServices.StubIdp as production IDP

北慕城南 submitted on 2019-12-10 13:17:24

Question


I'm trying to implement an IDP (SAML2) server inside my application. I don't want any of my partners to ask our customers to register on their side given the fact that my application has all the data needed.

I'm not very familiar with the SAML2 protocol. I found the project Kentor.AuthServices.StubIdp to be the most interesting because it implements everything I need. I'm also aware that it's not built for production purposes.

I planned to build the IDP on top of StubIdp, because I can't afford pricey solutions like ComponentPro.

Are there better alternatives? Is building on top of StubIdp a good idea?


Answer 1:


SAML2 login can be done in two ways:

  1. SP-initiated, where the SP sends an AuthnRequest to the Idp and the Idp answers with a SamlResponse.
  2. Idp-initiated, where the Idp sends an unsolicited SamlResponse.

Kentor.AuthServices (the library that drives the StubIdp) contains everything needed for Idp-initiated logins. Look in the Stub Idp source for how it's done.

Doing SP-initiated login correctly is more complicated as the Idp should do some validation on the incoming AuthnRequest. Those validations are completely missing in the Stub Idp (that's kind of the idea for a testing environment). Implementing SP-initiated login is definitely possible, but to do it securely a lot more work is needed.
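The answer says the Stub Idp performs none of the validation an IdP should apply to an incoming AuthnRequest. As an added example (not code from the answer and not part of Kentor.AuthServices), the block below shows the checks a production IdP would at minimum perform before answering an SP-initiated request: the Issuer must be a registered SP, the Destination must be this IdP's endpoint, the IssueInstant must be fresh, the request ID must not be replayed, and the AssertionConsumerServiceURL must be one registered for that SP rather than whatever the request names. It is plain Python on the standard library; the SP registry, the IdP URL and the sample request are constructed for illustration.

```python
"""Validation an IdP should apply to an SP-initiated SAML2 AuthnRequest.

Added example, not Kentor.AuthServices code. The SP registry, URLs and the
sample request below are constructed; parsing uses the standard library only.
"""
from datetime import datetime, timedelta, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Hypothetical registry of SPs this IdP trusts, keyed by entityID (constructed).
# In a real deployment this comes from the SP metadata you exchanged out of band.
TRUSTED_SPS = {
    "https://sp.example.org/metadata": {
        "acs_urls": {"https://sp.example.org/acs"},
    },
}

IDP_SSO_URL = "https://idp.example.com/sso"  # constructed IdP endpoint
MAX_SKEW = timedelta(minutes=5)              # accepted clock skew for IssueInstant


class AuthnRequestError(ValueError):
    """Raised when an AuthnRequest fails a validation check."""


def _parse_instant(value):
    # SAML timestamps are xs:dateTime in UTC, e.g. 2019-12-10T13:17:24Z
    if not value:
        raise AuthnRequestError("missing IssueInstant")
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_authn_request(xml_text, now, seen_ids):
    """Parse and validate an AuthnRequest; return (issuer, acs_url) on success.

    seen_ids is the caller's store of request IDs already answered (replay check).
    """
    # Note: on untrusted input, use a hardened XML parser (e.g. defusedxml) in production.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        raise AuthnRequestError("not an AuthnRequest")
    if root.get("Version") != "2.0":
        raise AuthnRequestError("unsupported SAML version")

    # 1. The request must come from a registered SP.
    issuer_el = root.find("saml:Issuer", NS)
    issuer = issuer_el.text.strip() if issuer_el is not None and issuer_el.text else None
    sp = TRUSTED_SPS.get(issuer)
    if sp is None:
        raise AuthnRequestError("unknown issuer: %r" % issuer)

    # 2. If Destination is present it must be this IdP's SSO endpoint.
    destination = root.get("Destination")
    if destination is not None and destination != IDP_SSO_URL:
        raise AuthnRequestError("Destination does not match this IdP")

    # 3. IssueInstant must be recent (bounded clock skew).
    issue_instant = _parse_instant(root.get("IssueInstant"))
    if abs(now - issue_instant) > MAX_SKEW:
        raise AuthnRequestError("IssueInstant outside accepted window")

    # 4. Request ID must be present and must not have been answered before.
    req_id = root.get("ID")
    if not req_id:
        raise AuthnRequestError("missing ID")
    if req_id in seen_ids:
        raise AuthnRequestError("replayed request ID")
    seen_ids.add(req_id)

    # 5. The ACS URL must be one registered for this SP; otherwise the response
    #    (and the assertion in it) would be posted wherever the request says.
    #    Fall back to the registered endpoint when the request names none.
    acs_url = root.get("AssertionConsumerServiceURL")
    if acs_url is None:
        acs_url = sorted(sp["acs_urls"])[0]
    elif acs_url not in sp["acs_urls"]:
        raise AuthnRequestError("AssertionConsumerServiceURL not registered for issuer")

    return issuer, acs_url


# Constructed sample request from the trusted SP above.
SAMPLE_REQUEST = """<samlp:AuthnRequest
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-id-1" Version="2.0"
    IssueInstant="2019-12-10T13:17:24Z"
    Destination="https://idp.example.com/sso"
    AssertionConsumerServiceURL="https://sp.example.org/acs">
  <saml:Issuer>https://sp.example.org/metadata</saml:Issuer>
</samlp:AuthnRequest>"""

# Constructed "current time", 36 seconds after the sample IssueInstant.
NOW = datetime(2019, 12, 10, 13, 18, 0, tzinfo=timezone.utc)


if __name__ == "__main__":
    print(validate_authn_request(SAMPLE_REQUEST, NOW, set()))
```

The seen_ids store must be shared across IdP instances and bounded by the same window as MAX_SKEW, otherwise the replay check is either ineffective behind a load balancer or grows without limit. Signed AuthnRequests (when the SP metadata says AuthnRequestsSigned) would additionally need signature verification against the SP's registered certificate before any of these checks are trusted.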



Source: https://stackoverflow.com/questions/33681204/using-kentor-authservices-stubidp-as-production-idp
