working example

Jan 28, 2015 at 2:04 AM
Edited Jan 29, 2015 at 10:22 PM
Is there a working example solution with SP, IdP? Something like dk.nita.saml20
Coordinator
Mar 18, 2015 at 7:15 PM
There is not at this time. I could see where the documentation is lacking in this case for you.

First, this library is purely a client-side library, with no easy way to implement a simple IdP to actually run against... So creating a sample project could be confusing as it wouldn't work out of the box, and every SAML implementation usually involves extensive configuration and setup.

We run into this problem with the unit tests too. It'd be nice to have the option to do a real integration test with this. Some have suggested using third party IdPs, etc., but I haven't done anything in that area yet.

So documentation would be the right answer here for now, but as I said, it might be hard to figure out where to look here.

What you want is listed under SignOn and Logout on the root doc page. Basically, this library works like this:
  1. Unauthenticated user goes to page
  2. Page forces unauthenticated user to the signon endpoint. There are several mechanisms you can use for this, such as FormsAuthentication default redirect, etc. This is outside the scope of the library and you are responsible for doing it the way that makes sense for your app.
  3. Signon magic happens
  4. Now IdP authenticated user will come back and the signon handler will handle next steps. And this is where you want to pay attention.
  5. Configurable Actions are executed. This library provides a few out of the box (https://saml2.codeplex.com/wikipage?title=Actions%20Element), and they are executed in the specified order if you don't define the <actions> element yourself. If you do define this element, you need to specify at least "SamlPrincipalAction" first as this handles reading the IdP response, and usually you want the "RedirectAction" last in the list as it handles redirecting to the original requested URL after all authentication actions have completed. In the middle is where you configure either the included "FormsAuthenticationAction" or your own custom action (which is also covered in documentation: https://saml2.codeplex.com/wikipage?title=Custom%20Authentication%20Process).
The included FormsAuthenticationAction is really simple and doesn't do much besides setting the forms auth cookie. In general, people usually have other things that have to happen when someone logs in (E.g., setting database last logged in data, maybe setting additional cookies or session variables, etc.), which is why I think MOST implementations will probably want to implement their own custom auth action instead of using that.

If you have other specific questions, I can try and help you out.
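Added example, not code from the saml2 project or from the reply above: a small startup check that enforces the ordering rule the reply describes (SamlPrincipalAction first, RedirectAction last) against an <actions> fragment. The <actions>/<add type="..."> element shape, the "MyApp" custom action and the bare type names are assumptions; the real schema and fully qualified type names are on the Actions Element wiki page.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

// Startup check for the action ordering rule described in the reply. The
// <actions>/<add type=".."> element shape is an ASSUMPTION for this example;
// verify attribute names against the Actions Element wiki page before use.
static class ActionOrderCheck
{
    // Returns the problems found; an empty list means the ordering is acceptable.
    public static List<string> Validate(string actionsXml)
    {
        var types = XElement.Parse(actionsXml)
            .Elements("add")
            .Select(e => ((string)e.Attribute("type") ?? "").Split(',')[0].Trim()) // drop ", Assembly"
            .ToList();
        var problems = new List<string>();
        if (types.Count == 0)
        {
            problems.Add("no actions configured; omit <actions> entirely to get the library defaults");
            return problems;
        }
        if (!types.First().EndsWith("SamlPrincipalAction"))
            problems.Add("first action must be SamlPrincipalAction, which reads the IdP response");
        if (!types.Last().EndsWith("RedirectAction"))
            problems.Add("last action should be RedirectAction, which returns the user to the requested URL");
        if (types.Count(t => t.EndsWith("SamlPrincipalAction")) > 1)
            problems.Add("SamlPrincipalAction is listed more than once");
        return problems;
    }

    static void Main()
    {
        // Constructed sample fragments: type names are the ones used in the reply
        // plus a hypothetical custom action, not the library's fully qualified names.
        const string good = @"<actions>
  <add name=""principal"" type=""SamlPrincipalAction"" />
  <add name=""audit"" type=""MyApp.Auth.LastLoginAuditAction, MyApp"" />
  <add name=""redirect"" type=""RedirectAction"" />
</actions>";
        const string bad = @"<actions>
  <add name=""audit"" type=""MyApp.Auth.LastLoginAuditAction, MyApp"" />
  <add name=""principal"" type=""SamlPrincipalAction"" />
</actions>";
        foreach (var cfg in new[] { good, bad })
        {
            var problems = Validate(cfg);
            Console.WriteLine(problems.Count == 0 ? "OK" : string.Join("; ", problems));
        }
    }
}
```

The second fragment is rejected because a custom action would run before the IdP response has been read and because nothing returns the user to the originally requested URL.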