Implementing SSO in Umbraco 8


I have been tasked with implementing SSO in an Umbraco v 8 application with the following set-up:

The 3rd party application will initiate a call to the Umbraco site so that its users can use the Umbraco content without logging in. The 3rd party site will also act as the Id provider.

On researching I thought about the approach used here:

https://skrift.io/issues/integrating-saml-into-umbraco/

So that all I have to do is set up the SAML and deal with the incoming signed assertion. Not having done this before, I would like any input around:

Is this the correct approach?

Where should the SAML.config mentioned in the article live? (I have installed the NuGet package and thought I might see it in the solution but there is nothing there.)

The article also mentions creating a custom route at application start-up; what is the Umbraco equivalent of this?

"In the Identity Provider Initiated Single Sign On scenario, the Member has visited the Identity Provider, and followed a link which has redirected them back to the Service Provider (our site). The redirection includes in it a SAML Assertion.

To enable this, at application start-up you create a custom route which can be called by the Identity Provider, and then load up the saml.config file into Component Space using SAMLConfiguration.Load()."

The other issue may be that once SAML is configured, I'm assuming it will only work for that particular client, along with normal logins, so I could not implement this for multiple clients, unless I had a separate SSO application configured for each client?

Any information would be greatly appreciated.

Thanks.

using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Security;
using ComponentSpace.SAML2;
using Umbraco.Core;

public class SsoController : Controller
{
    public ActionResult AssertionConsumerService()
    {
        try
        {
            bool isInResponseTo = false;
            string partnerIdP = null;
            string userName = null;
            IDictionary<string, string> attributes = null;
            string targetUrl = null;

            // Receive and process the SAML assertion contained in the SAML response.
            SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP, out userName, out attributes, out targetUrl);

            // Get the member from their user name.
            // ApplicationContext.Current is the Umbraco 7 service locator; Umbraco 8 removed it.
            var memberService = ApplicationContext.Current.Services.MemberService;
            var checkMember = memberService.GetByUsername(userName);

            if (checkMember == null)
            {
                TempData["ErrorMessage"] = string.Format("The user {0} does not exist in this application.", userName);
                return Redirect("~/error");
            }

            // Sign the member in with a non-persistent forms-authentication cookie.
            FormsAuthentication.SetAuthCookie(userName, false);
            return Redirect("~/");
        }
        catch (Exception)
        {
            // Any exception while processing the response lands here; no auth cookie is set.
            TempData["ErrorMessage"] = "There was a problem authenticating the user.";
            return Redirect("~/error");
        }
    }
}

There are 2 best solutions below

0

By default, the saml.config is expected to be in the application's root folder.

If you download the free trial version, rather than just the NuGet packages, you'll see various example projects and their saml.config files.

Your saml.config will be specific to your environment but the examples and documentation should help in setting this up.
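
An added example, not part of the original answers and not ComponentSpace's or Umbraco's own code: one way to do the start-up step from the article quoted in the question in Umbraco 8, using a composer and a component. The route path `sso/acs`, the namespace and the class names are assumptions; `SAMLConfiguration.Load()` is the call the quoted article names, and its namespace may differ between ComponentSpace versions.

```csharp
using System.Web.Mvc;
using System.Web.Routing;
using ComponentSpace.SAML2.Configuration; // assumed namespace for SAMLConfiguration
using Umbraco.Core;
using Umbraco.Core.Composing;

namespace MySite.Sso // hypothetical namespace
{
    // Umbraco 8 discovers IUserComposer implementations at boot.
    // Only register the SSO component when the site is fully running
    // (not during install or upgrade).
    [RuntimeLevel(MinLevel = RuntimeLevel.Run)]
    public class SsoComposer : IUserComposer
    {
        public void Compose(Composition composition)
        {
            composition.Components().Append<SsoComponent>();
        }
    }

    // Components are the Umbraco 8 replacement for application start-up handlers.
    public class SsoComponent : IComponent
    {
        public void Initialize()
        {
            // Load saml.config, which by default sits in the application's root folder.
            SAMLConfiguration.Load();

            // Custom MVC route that the identity provider sends the SAML response to.
            // It maps to SsoController.AssertionConsumerService from the question.
            RouteTable.Routes.MapRoute(
                name: "SsoAssertionConsumerService",
                url: "sso/acs", // assumed path; must match the URL given to the IdP
                defaults: new { controller = "Sso", action = "AssertionConsumerService" });
        }

        public void Terminate()
        {
            // Nothing to clean up.
        }
    }
}
```

The `partnerIdP` value that `ReceiveSSO` returns in the question's controller tells the handler which identity provider sent the assertion, so it is worth logging and checking before the auth cookie is set.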

0

During my research on integrating SAML or OAuth Single Sign-On (SSO) into our Umbraco Application, I stumbled upon Umbraco's technical partners who specialize in helping with SAML implementation for multiple clients.

You can find more information at this link: https://umbraco.com/integrations-and-tech-partners/miniorange-umbraco-saml-single-sign-on-sso/

Furthermore, they provide support for all Umbraco versions, covering both Member and BackOffice logins.