This project is read-only.

Saml20MetadataHandler generate a SAML2 metadata file

Jun 1, 2016 at 6:12 PM
The Saml20MetadataHandler will generate a SAML2 metadata file for your service provider from the configuration.

Is there a function I call for this?

Do I need encrypted certs for the process of authentication?
Jun 2, 2016 at 4:02 AM
You should just have to hit the URL you have assigned to the Saml20MetadataHandler. If you follow the defaults in the first code block of https://saml2.codeplex.com/documentation, then the default is "/Metadata.ashx". If you just hit that endpoint in any
browser, you'll get a SAML Metadata file returned based on your configured settings. There is no authentication on that endpoint on purpose, as it isn't necessarily sensitive information, and if you were really worried about it, after generating that metadata
and sending it in to your IDP, you can remove it from your web.config so it isn't available anymore.
Aug 4, 2016 at 4:42 PM
I have to say I'm very new to SAML2.0. I'm trying to hit the /Metadata.ashx file but it says the metadata directory could not be found. What could I missing? I'm trying to follow the instructions in the documentation.

Any help would be appreciated...
Aug 6, 2016 at 4:59 AM
You are likely missing the configuration in the web.config that I linked you to in my last reply. The Metadata.ashx endpoint is provided by a "handler" that this library contains. The link I provided, under the heading "Configuration", gives an example of registering that handler at the endpoint Metadata.ashx, in the web.config.

If you have followed that and still cannot reach that endpoint, the only reason I can think of is that you are running in IIS 6, which uses a different method for registering handlers. You'd need to go hunt up documentation on that. It'll be similar, but registered in a different area of the web.config.
Aug 9, 2016 at 8:29 PM
Thank you. I figured it out and it worked. Thank you again for your help.

I'm going to focus on the Login.ashx page now. Wish me luck!


Aug 9, 2016 at 8:30 PM
ok. thanks.

Michael G. Wheaton
Caelum
Systems Development Unit
SO/CIO/SDD/DCB/ASMS/SDU
National Oceanic and Atmospheric Administration
[email removed]
301-444-2742


Aug 9, 2016 at 10:11 PM
I was running into a similar set of issues and did get them to work. So I wanted to document the changes that I had to apply in case other run across a similar set of issues starting up a new Saml2.0 project. My project is an asp.net MVC 4.6. Here are the additional modifications that I had to apply:

In RouteConfig.cs ad before the default controller route maps. This was need to allow the webcebc
routes.IgnoreRoute("{handler}.ashx/{*pathInfo}"); 
Added a project folder called "METADATALOCATION" to coincide with the web.config setting of
<identityProviders metadata="METADATALOCATION">
Web.config:
  <saml2>
    <allowedAudienceUris>
      <audience uri="http://www.example.com" />
    </allowedAudienceUris>
    <serviceProvider id="urn:SPName" server="https://www.example.com">
      <signingCertificate findValue="localhost" storeLocation="LocalMachine" 
                          storeName="My" x509FindType="FindBySubjectName" />
      <endpoints>
        <endpoint type="SignOn" localPath="Login.ashx" redirectUrl="~/Index" />
        <endpoint type="Logout" localPath="Logout.ashx" redirectUrl="~/Index" />
        <endpoint type="Metadata" localPath="Metadata.ashx" />
      </endpoints>
    </serviceProvider>
    <identityProviders metadata="METADATALOCATION">
    </identityProviders>
  </saml2>
Aug 10, 2016 at 1:00 AM
Ah, good catch on the route ignore. I should put a note about that in the documentation. Makes perfect sense that wouldn't work if the handler is not executed ahead of the default MVC route handlers.