Regular Web Application (SAML2.0)
The source code of this project can be found here.
To implement SAML2.0 in a regular web application, you'll need to follow the following steps.
1. Configure an application
Utilize the administration UI to configure a new SAML2.0 SP (Service Provider) client :
- Open the IdentityServer website at https://localhost:5002/master/clients.
- On the Clients screen, click on the
Add client
button. - Select
SAML SP
and click on next. - Fill-in the form like this and click on the
Save
button to confirm the creation.
Parameter | Value |
---|---|
Identifier | samlSp |
Name | samlSp |
Metadata URL | http://localhost:5125/Metadata |
If the checkbox Use Artifact
is checked, then the Artifact binding will be used; if it is not checked, the Post Binding is used by default.
The Public and Private keys are displayed, keep those values into a file, they will be used later during the configuration of the website.
The Public and Private keys are displayed; please save these values in a file as they will be used later during the website configuration.
2. Create ASP.NET CORE Application
Finally, create and configure an ASP.NET CORE Application.
- Open a command prompt and execute the following commands to create the directory structure for the solution.
mkdir SamlRpWebsite
cd SamlRpWebsite
mkdir src
dotnet new sln -n SamlRpWebsite
- Create a web project named
Website
and install theSimpleIdServer.IdServer.Saml.Sp
NuGet package.
cd src
dotnet new mvc -n Website
cd Website
dotnet add package SimpleIdServer.IdServer.Saml.Sp
- Add the
Website
project into your Visual Studio solution.
cd ..\..
dotnet sln add ./src/Website/Website.csproj
- Edit the
Program.cs
file and configure the SAML2.0 authentication.
builder.Services.AddAuthentication(options =>
{
options.DefaultScheme = "Cookies";
options.DefaultChallengeScheme = "samlSp";
})
.AddCookie("Cookies")
.AddSamlSp("samlSp", options =>
{
options.SPId = "samlSp";
options.IdpMetadataUrl = "https://localhost:5001/master/saml/metadata";
var currentPath = Path.GetDirectoryName(Assembly.GetEntryAssembly().Location);
options.SigningCertificate = X509Certificate2.CreateFromPemFile(Path.Combine(currentPath, "sidClient.crt"), Path.Combine(currentPath, "sidClient.key"));
});
- Add a
ClaimsController
controller with one protected operation.
public class ClaimsController : Controller
{
[Authorize]
public IActionResult Index()
{
return View();
}
}
- Create a view
Views\Claims\Index.cshtml
with the following content. This view will display all the claims of the authenticated user.
<ul>
@foreach (var claim in User.Claims)
{
<li>@claim.Type : @claim.Value</li>
}
</ul>
-
"Copy the
Private Key
obtained from the first step into thesidClient.key
file, and thePublic Key
into thesidClient.crt
file. -
In a command prompt, navigate to the
src\Website
directory and launch the application.
dotnet run --urls=http://localhost:5125
Finally, browse the following URL: http://localhost:5125/claims. The User-Agent will be automatically redirected to the OpenID server. Submit the following credentials and confirm the consent. You will be redirected to the screen where your claims will be displayed
Credential | Value |
---|---|
Login | administrator |
Password | password |