Shibboleth->Saml2 metadata

Question

So our site needs to authenticate with an external Shibboleth system. They say they support SAML2, so I added the Saml2 nuget to IdentityServer3, pointed it at their site. Seems to work, but on their end it says we aren't allowed to access it.

They need some metadata route to add so we can be recognized as valid, any idea what that would even be? They are saying https://your.sp-host.com/Shibboleth.sso/Metadata but we're not using Shibboleth internally so clearly that route on our end makes no sense.

This is the package I'm plugging in https://www.nuget.org/packages/Sustainsys.Saml2/

Answer 1

The metadata path would be one of the following if you are using the SustainSys.Saml2 package as an OWIN authentication provider under IdentityServer3:

Default:

<your site>/<your identity server root>/Saml2

e.g. https://yoursite.com/identityserver/Saml2

Or if you have an older version of the nuget:

<your site>/<your identity server root>/AuthServices

Or if you have customized the modulepath property (e.g. when using with multiple IDPs):

<your site>/<your identity server root>/YourCustomModulePathValue

Answer 2

You first need to understand the fields on metadata. Then you can create on your own. If you do not want to go to that lengthy process, then I would suggest you should create that using some online tool like https://www.samltool.com/sp_metadata.php .

Fields are

• EntityId: Any string, see this
• Attribute Consume Service Endpoint (HTTP-POST): you will need to extract this from your installation of SP
• certificate: This is optional but I recommand using this.

But before you create the metadata, I think you should understand your current installation of SAML 2 SP implementation. And validate that it is properly installed, otherwise it will be hard to debug.

Any SAML implementation will work with any other SAML implementation, so what you did is enough.

But If you are not able to create metadata, extract the path information, and extract assertion information, I would suggest you to install Shibboleth, it is pretty straight forward.