Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SAML AzureAD Single Sign-on Support - Feature Request #50

Open
CastleSoft opened this issue Sep 10, 2020 · 0 comments
Open

SAML AzureAD Single Sign-on Support - Feature Request #50

CastleSoft opened this issue Sep 10, 2020 · 0 comments
Labels
new feature

Comments

@CastleSoft
Copy link

CastleSoft commented Sep 10, 2020
edited
Loading

https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/saml-toolkit-tutorial

The link below has a BASIC implementation of SAML for ASP.NET. (323 lines of c# code):

https://github.com/jitbit/AspNetSaml

How SAML works?
SAML workflow has 2 steps:

User is redirected to the SAML provider (where he authenticates)
User is redirected back to your app, where you validate the payload
Here's how you do it (this example is for ASP.NET MVC:

  1. Redirecting the user to the saml provider:
    //this example is an ASP.NET MVC action method
    public ActionResult Login()
    {
    //TODO: specify the SAML provider url here, aka "Endpoint"
    var samlEndpoint = "http://saml-provider-that-we-use.com/login/";

    var request = new AuthRequest(
    "http://www.myapp.com", //TODO: put your app's "entity ID" here
    "http://www.myapp.com/SamlConsume" //TODO: put Assertion Consumer URL (where the provider should redirect users after authenticating)
    );

    //redirect the user to the SAML provider
    return Redirect(request.GetRedirectUrl(samlEndpoint));
    }

  2. User has been redirected back
    User is sent back to your app - you need to validate the SAML response ("assertion") that you recieved via POST.

Here's an example of how you do it in ASP.NET MVC

//ASP.NET MVC action method... But you can easily modify the code for Web-forms etc.
public ActionResult SamlConsume()
{
// 1. TODO: specify the certificate that your SAML provider gave you
string samlCertificate = @"-----BEGIN CERTIFICATE-----
BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==
-----END CERTIFICATE-----";

// 2. Let's read the data - SAML providers usually POST it into the "SAMLResponse" var
Saml.Response samlResponse = new Response(samlCertificate, Request.Form["SAMLResponse"]);

// 3. We're done!
if (samlResponse.IsValid())
	username = samlResponse.GetNameID();

}
Reading more attributes from the provider
SAML providers usually send more data with their response: username, first/last names etc. Here's how to get it:

if (samlResponse.IsValid())
{
//WOOHOO!!! user is logged in

//Some more optional stuff for you
//let's extract username/firstname etc
string username, email, firstname, lastname;
try
{
	username = samlResponse.GetNameID();
	email = samlResponse.GetEmail();
	firstname = samlResponse.GetFirstName();
	lastname = samlResponse.GetLastName();
}
catch(Exception ex)
{
	//insert error handling code
	//no, really, please do
	return null;
}

//user has been authenticated, put your code here, like set a cookie or something...
//or call FormsAuthentication.SetAuthCookie() or something

}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
new feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@CastleSoft @exilon