
A third-party software package provides the feature of SSO through SAML version 2.0.

Their documentation provides information on what fields they would be sending in their request and what fields they would be expecting back in order to authenticate a specific user. The concept actually seems very straightforward, but I'm having trouble working with the SAML itself.

So far I was able to receive, decompress, and parse their SAML request, but I couldn't figure out how to create a SAML response to send back to them.

I looked at the SamlAssertion class, but since I'm using .NET version 3.5, the class only generates SAML version 1.1.

Other than that, I didn't find a lot of resources on how to create a simple SAML response.

Therefore, the question is: How do I create a simple SAML 2.0 response with C#?

Any help appreciated!

Thanks!

Naner
  • Why not use the [Windows Identity Foundation extension](http://blogs.msdn.com/b/card/archive/2011/05/16/announcing-the-wif-extension-for-saml-2-0-protocol-community-technology-preview.aspx)? – Steven V Apr 03 '13 at 18:47

3 Answers


Since SAML uses XmlDsig for message-level security, you could create tokens manually, according to the specs, and then just sign the XML with the SignedXml class.

Also, take a look at this

http://www.componentspace.com/Products/SAMLv20.aspx

Wiktor Zychla
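As an added example (not code from the original post, nor from any library mentioned in this thread), this is the manual route the answer describes: a minimal SAML 2.0 Response carrying a bearer Assertion, built with LINQ to XML and signed with SignedXml. It assumes .NET 6+ with the System.Security.Cryptography.Xml package, or .NET Framework 4.6.2+, where SignedXml understands RSA-SHA256 without extra registration; on .NET 3.5 (the asker's version) that signature URI is not built in and has to be registered through CryptoConfig, or you fall back to the default RSA-SHA1. The issuer, audience, ACS URL, AuthnRequest ID, user name and the self-signed key generated in memory are all placeholders.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;   // NuGet package System.Security.Cryptography.Xml on .NET 6+
using System.Text;
using System.Xml;
using System.Xml.Linq;

// Demo only: key and self-signed cert made in memory; a real IdP loads the PFX it signs with.
using var rsa = RSA.Create(2048);
using var cert = new CertificateRequest("CN=demo-idp", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
    .CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
// Placeholder issuer, audience, ACS URL, AuthnRequest ID and user; take yours from their documentation.
XmlDocument response = SamlResponseBuilder.Build("https://idp.example.test/metadata", "https://sp.example.test/metadata",
    "https://sp.example.test/acs", "_id-of-their-AuthnRequest", "alice@example.test", cert, rsa);
Console.WriteLine(response.OuterXml);
Console.WriteLine("signature valid: " + SamlResponseBuilder.VerifyAssertionSignature(response, cert));
// HTTP-POST binding: base64 of the UTF-8 XML goes into the SAMLResponse form field (plus RelayState).
Console.WriteLine("SAMLResponse=" + Convert.ToBase64String(Encoding.UTF8.GetBytes(response.OuterXml)));

static class SamlResponseBuilder
{
    static readonly XNamespace SamlP = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    public static XmlDocument Build(string issuer, string audience, string acsUrl,
        string inResponseTo, string nameId, X509Certificate2 cert, RSA signingKey)
    {
        const string Fmt = "yyyy-MM-dd'T'HH:mm:ss'Z'";
        string now = DateTime.UtcNow.ToString(Fmt), expiry = DateTime.UtcNow.AddMinutes(5).ToString(Fmt);
        string responseId = "_" + Guid.NewGuid().ToString("N");  // xs:ID must not start with a digit
        string assertionId = "_" + Guid.NewGuid().ToString("N");
        // LINQ to XML does the escaping; never build SAML by concatenating user-controlled strings.
        var response = new XElement(SamlP + "Response",
            new XAttribute(XNamespace.Xmlns + "samlp", SamlP), new XAttribute(XNamespace.Xmlns + "saml", Saml),
            new XAttribute("ID", responseId), new XAttribute("Version", "2.0"), new XAttribute("IssueInstant", now),
            new XAttribute("Destination", acsUrl), new XAttribute("InResponseTo", inResponseTo),
            new XElement(Saml + "Issuer", issuer),
            new XElement(SamlP + "Status", new XElement(SamlP + "StatusCode",
                new XAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success"))),
            new XElement(Saml + "Assertion",
                new XAttribute("ID", assertionId), new XAttribute("Version", "2.0"), new XAttribute("IssueInstant", now),
                new XElement(Saml + "Issuer", issuer),
                new XElement(Saml + "Subject",
                    new XElement(Saml + "NameID",
                        new XAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"), nameId),
                    new XElement(Saml + "SubjectConfirmation", new XAttribute("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer"),
                        new XElement(Saml + "SubjectConfirmationData", new XAttribute("NotOnOrAfter", expiry),
                            new XAttribute("Recipient", acsUrl), new XAttribute("InResponseTo", inResponseTo)))),
                new XElement(Saml + "Conditions", new XAttribute("NotBefore", now), new XAttribute("NotOnOrAfter", expiry),
                    new XElement(Saml + "AudienceRestriction", new XElement(Saml + "Audience", audience))),
                new XElement(Saml + "AuthnStatement", new XAttribute("AuthnInstant", now), new XAttribute("SessionIndex", assertionId),
                    new XElement(Saml + "AuthnContext", new XElement(Saml + "AuthnContextClassRef",
                        "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")))));
        // PreserveWhitespace: the bytes that get signed must be exactly the bytes the SP receives.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(response.ToString(SaveOptions.DisableFormatting));
        SignAssertion(doc, assertionId, cert, signingKey);
        return doc;
    }

    static void SignAssertion(XmlDocument doc, string assertionId, X509Certificate2 cert, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
        // "#id" is resolved by SignedXml against the element carrying that ID attribute.
        var reference = new Reference("#" + assertionId) { DigestMethod = "http://www.w3.org/2001/04/xmlenc#sha256" };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(cert));  // public certificate only
        signedXml.ComputeSignature();
        // Schema order inside saml:Assertion is Issuer, Signature, Subject, ...: insert right after Issuer.
        var ns = Namespaces(doc);
        XmlNode assertion = doc.SelectSingleNode($"//saml:Assertion[@ID='{assertionId}']", ns);
        assertion.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), assertion.SelectSingleNode("saml:Issuer", ns));
    }

    // Self-check. An SP must also verify InResponseTo, Destination/Recipient, Audience and the time
    // window, and must require the Reference URI to be the Assertion's own ID (XML signature wrapping).
    public static bool VerifyAssertionSignature(XmlDocument doc, X509Certificate2 cert)
    {
        var ns = Namespaces(doc);
        var assertion = (XmlElement)doc.SelectSingleNode("/samlp:Response/saml:Assertion", ns);
        var signature = (XmlElement)assertion?.SelectSingleNode("ds:Signature", ns);  // direct child only
        if (signature == null) return false;
        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml(signature);
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + assertion.GetAttribute("ID")) return false;
        return signedXml.CheckSignature(cert, verifySignatureOnly: true);  // true because the demo cert is self-signed
    }

    static XmlNamespaceManager Namespaces(XmlDocument doc)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", SamlP.NamespaceName); ns.AddNamespace("saml", Saml.NamespaceName);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        return ns;
    }
}
```

Two things in there bite people who sign by hand: the ds:Signature has to be inserted after saml:Issuer (the schema order is Issuer, Signature, Subject), not appended as the last child, and the document must be loaded with PreserveWhitespace = true so the canonicalized bytes you digest are the bytes the relying party canonicalizes. Their documentation decides the rest: whether they want the Assertion, the Response, or both signed, which NameID format they expect, and which saml:Attribute elements (in an AttributeStatement) they need back.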

Have a look at "Working with SAML 2.0 in C# .NET 4.5", which covers much the same ground.

You could use the WIF SAML CTP, but that is only a preview and hasn't been upgraded for ages.

Otherwise, as per @Wiktor, use one of the commercial stacks.

I am not aware of any open-source SAML stacks in C#.

The closest is OpenSAML, which is written, IIRC, in C.

rbrayb

Look at the code in the sample SelfSTS project on MSDN.

This blog post goes into detail on how it works. Requires .NET 4.0 and the WIF runtime.

SelfSTS: when you need a SAML token NOW, RIGHT NOW

SelfSTS is a simple .EXE file, which does not require IIS and never touches the certificate store. There is no installation required; you just need the .EXE file itself, its configuration file and the PFX file of the certificate you want to use for signing tokens. Its only requirements are .NET 4.0, the WIF runtime and (if you want to generate extra certificates) the Windows SDK.

SelfSTS provides a simple UI for easily editing the types and values of the claims it will emit: the metadata document will be dynamically updated accordingly.

SelfSTS offers a UI for simplified creation of self-signed X.509 certificates, which you can use if you need to use a signing certificate with a specific subject or if for some reason you cannot use the certificate provided out of the box.

(Screenshot: Editing Claims)

GalacticJello
  • Are you sure that's something to consider? This is what the author says: "I feel silly even at having to say that, but for due diligence… SelfSTS is obviously ABSOLUTELY INSECURE. It is just a test toy, and as such it should be used. It gives tokens without even checking who the caller is, and it does that on plain HTTP. It signs tokens with self-signed certificates, and it stores the associated passwords in the clear in the web config. It is the very essence of insecurity itself. Do not use it for anything else than testing applications at development time, on non-production systems." – Naner Apr 03 '13 at 21:12
  • Yes, you just want some code to create a SAML response. This has it and more. You can ignore the fact that it is part of a cool STS testing app that you can use for other stuff down the road. Look at the guts in the code and see how it creates the response. That's what you want. Ignore the STS parts. – GalacticJello Apr 03 '13 at 21:18
  • Are you sure that SelfSTS issues SAML 2.0 tokens rather than 1.1 tokens? – Wiktor Zychla Apr 04 '13 at 07:07
  • Check out this link for some C# SAML2 code. http://code.msdn.microsoft.com/Windows-Azure-AD-Access-0dcde385/sourcecode?fileId=71587&pathId=2066023829 – GalacticJello Apr 04 '13 at 13:20