Skip to main content
Version: 4.0.4

Regular Web Application (SAML2.0)


The source code of this project can be found here.

To implement SAML2.0 in a regular web application, you'll need to follow the following steps.

1. Configure an application

Utilize the administration UI to configure a new SAML2.0 SP (Service Provider) client :

  1. Open the IdentityServer website at https://localhost:5002.
  2. On the Clients screen, click on the Add client button.
  3. Select SAML SP and click on next.
  4. Fill-in the form like this and click on the Save button to confirm the creation.
Metadata URLhttp://localhost:5125/Metadata

If the checkbox Use Artifact is checked, then the Artifact binding will be used; if it is not checked, the Post Binding is used by default.

The Public and Private keys are displayed, keep those values into a file, they will be used later during the configuration of the website.

The Public and Private keys are displayed; please save these values in a file as they will be used later during the website configuration.

2. Create ASP.NET CORE Application

Finally, create and configure an ASP.NET CORE Application.

  1. Open a command prompt and execute the following commands to create the directory structure for the solution.
mkdir SamlRpWebsite
cd SamlRpWebsite
mkdir src
dotnet new sln -n SamlRpWebsite
  1. Create a web project named Website and install the SimpleIdServer.IdServer.Saml.Sp NuGet package.
cd src
dotnet new mvc -n Website
cd Website
dotnet add package SimpleIdServer.IdServer.Saml.Sp
  1. Add the Website project into your Visual Studio solution.
cd ..\..
dotnet sln add ./src/Website/Website.csproj
  1. Edit the Program.cs file and configure the SAML2.0 authentication.
builder.Services.AddAuthentication(options =>
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "samlSp";
.AddSamlSp("samlSp", options =>
options.SPId = "samlSp";
options.IdpMetadataUrl = "https://localhost:5001/master/saml/metadata";
var currentPath = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location);
options.SigningCertificate = X509Certificate2.CreateFromPemFile(Path.Combine(currentPath, "sidClient.crt"), Path.Combine(currentPath, "sidClient.key"));
  1. Add a ClaimsController controller with one protected operation.
public class ClaimsController : Controller
public IActionResult Index()
return View();
  1. Create a view Views\Claims\Index.cshtml with the following content. This view will display all the claims of the authenticated user.
@foreach (var claim in User.Claims)
<li>@claim.Type : @claim.Value</li>
  1. "Copy the Private Key obtained from the first step into the sidClient.key file, and the Public Key into the sidClient.crt file.

  2. In a command prompt, navigate to the src\Website directory and launch the application.

dotnet run --urls=http://localhost:5125

Finally, browse the following URL: http://localhost:5125/claims. The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed