Implementing SSO in an MVC/Umbraco application


I'm implementing SSO in our application with the application acting as the Service Provider and a 3rd party as the Id Provider as well as the initiating application.

I'm clear on what has to happen when I receive an assertion after authenticating - extract user info, log them in to the app, create them if necessary.

What I'm not clear on however is if I have to do anything to handle the entire relay process. In the diagram below, if I act upon an assertion then that would be starting at step 8, however I think I should be expecting a call in before that and should be doing something to handle steps 2 and 3.


At the moment I'm using a fairly simple NuGet package, AspNetSaml, as this is free, but from what I can see it only really deals with a logon from the SP and handles the SAML Response assertion.

// ASP.NET MVC action method... But you can easily modify the code for Web-forms etc.
// Requires "using Saml;" (AspNetSaml) and "using System.Web.Mvc;" at the top of the controller file.
public ActionResult SamlConsume()
{
    // 1. TODO: specify the certificate that your SAML provider gave you
    string samlCertificate = @"-----BEGIN CERTIFICATE-----
BLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAHBLAH123543==
-----END CERTIFICATE-----";

    // 2. Let's read the data - SAML providers usually POST it into the "SAMLResponse" var
    var samlResponse = new Response(samlCertificate, Request.Form["SAMLResponse"]);

    // 3. We're done!
    if (samlResponse.IsValid())
    {
        //WOOHOO!!! user is logged in
        string username = samlResponse.GetNameID();
        // Sign the user in here, then send them on (placeholder target).
        return Redirect("~/");
    }

    // The response did not validate: do not log anyone in.
    return new HttpUnauthorizedResult();
}

Am I missing loads here to get SSO to work, and if so can anyone recommend a decent package to help do this?
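
For the IdP-initiated case the question describes, the response answers no request from the SP, so there is no request ID to match it against and the SP has to rely on the assertion's own audience, recipient, expiry and ID. The code below is an added example, not part of the original post or of AspNetSaml; it assumes the signature has already been verified on the same XML, and the class name, entity ID and URLs are placeholders.

```csharp
using System;
using System.Collections.Concurrent;
using System.Linq;
using System.Xml.Linq;

public static class UnsolicitedSamlChecks
{
    static readonly XNamespace A = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assertion IDs already accepted; in-memory only for illustration (a web farm needs a shared store).
    static readonly ConcurrentDictionary<string, bool> SeenIds = new ConcurrentDictionary<string, bool>();

    // Returns null when the assertion is acceptable, otherwise the reason for rejecting it.
    public static string Reject(string xml, string spEntityId, string acsUrl, DateTime nowUtc)
    {
        var assertions = XDocument.Parse(xml).Descendants(A + "Assertion").ToList();
        if (assertions.Count != 1) return "expected exactly one assertion";
        var assertion = assertions[0];

        // The assertion must be issued for this SP, not for another relying party.
        var audiences = assertion.Descendants(A + "Audience").Select(e => e.Value.Trim());
        if (!audiences.Contains(spEntityId)) return "audience is not this SP";

        var scd = assertion.Descendants(A + "SubjectConfirmationData").FirstOrDefault();
        if (scd == null) return "no SubjectConfirmationData";
        if ((string)scd.Attribute("Recipient") != acsUrl) return "recipient is not our ACS URL";
        // Unsolicited response: the SP sent no AuthnRequest, so InResponseTo must be absent.
        if (scd.Attribute("InResponseTo") != null) return "InResponseTo set, but no request was sent";

        var notOnOrAfter = (DateTime?)scd.Attribute("NotOnOrAfter");
        if (notOnOrAfter == null || nowUtc >= notOnOrAfter.Value.ToUniversalTime()) return "expired";

        // Replay protection: each assertion ID is accepted once.
        var id = (string)assertion.Attribute("ID");
        if (string.IsNullOrEmpty(id) || !SeenIds.TryAdd(id, true)) return "missing or replayed assertion ID";
        return null;
    }

    public static void Main()
    {
        // Constructed sample (unsigned, placeholder names), not a real IdP message.
        string xml = @"<samlp:Response xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion'>
  <saml:Assertion ID='_a1'><saml:Subject><saml:NameID>alice@example.test</saml:NameID>
    <saml:SubjectConfirmation Method='urn:oasis:names:tc:SAML:2.0:cm:bearer'>
      <saml:SubjectConfirmationData Recipient='https://sp.example.test/SamlConsume' NotOnOrAfter='2030-01-01T00:05:00Z'/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://sp.example.test</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion></samlp:Response>";
        var now = new DateTime(2030, 1, 1, 0, 0, 0, DateTimeKind.Utc);
        // The same assertion is submitted twice; the second submission is a replay.
        Console.WriteLine(Reject(xml, "https://sp.example.test", "https://sp.example.test/SamlConsume", now) ?? "accepted");
        Console.WriteLine(Reject(xml, "https://sp.example.test", "https://sp.example.test/SamlConsume", now) ?? "accepted");
    }
}
```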
