Does Thinktecture IdentityServer V3 have support for SAML or does it only support OAuth?
4 Answers
IdentityServer v3 supports any Katana-compatible Owin middleware for authentication. With a compatible middleware for SAML2 such as Kentor.AuthServices, IdentityServer 3 can authenticate against external SAML2 Identity Providers, with Idsrv acting as a SAML2 Service Provider. I wrote a blog post on how to do it.
There's also a plugin interface which would allow IdentityServer v3 to act as a SAML2 Identity Provider but as far as I know there's no implementation available.

It's been almost 2 years. Is there any progress on the new tools to use SAML 2 with IdentityServer3? I liked Kentor.AuthServices but would like to know if there are any other such tools. – Venkata Dorisala Feb 02 '17 at 17:23
There is Owin middleware to support the SAML protocol you can use with IdentityServer v3. It does not yet support all flows but it is being used in a couple implementations. Full disclosure - I am the author of this code which was forked from a previous SAML2 library on CodePlex.

Nope! No SAML.
In the article Dominick says... "Having spent a considerable amount of time in the WS*/SAML world, it became more and more apparent that these technologies are not a good match for the modern types of applications that we (and our customers) like to build."
They focused on OpenID Connect and OAuth2.

Didn't downvote because this was probably accurate two years ago. As of now there is a NuGet package called IdentityServer3.WsFederation to enable this. Here's an article that should get you started: https://www.scottbrady91.com/Identity-Server/Identity-Server-3-using-WS-Federation – Chazt3n Jan 27 '17 at 19:35
OpenID Connect, OAuth2, WS-Fed.
@DavidEdwards - no - IdentityServer2 has no SAML support OOTB.
I normally get around this by:
IdentityServer --> WS-Fed --> ADFS --> SAML --> IDP

In the readme.md file on the GitHub page (https://github.com/IdentityServer/Thinktecture.IdentityServer2) it says "Multiple protocols support (WS-Trust, WS-Federation, OAuth2, HTTP GET) Multiple token support (SAML 1.1/2.0, JWT)". Am I misunderstanding something? – DavidEdwards Mar 03 '15 at 04:45
SAML is a token type (assertions) and a protocol. The protocol is not supported. – leastprivilege Mar 03 '15 at 05:31
@leastprivilege, after 2 years is this still the case? I have implemented IdentityServer V3 as my identity provider but I have some old clients that use SAML tokens. I want to accept their SAML tokens so they can have a seamless single sign-on experience into my app. Are the libraries mentioned above a viable/recommended option for this? – RayLoveless Apr 12 '17 at 13:50
@RayLoveless are you able to find out if IdentityServer 3 supports SAML? It says `Support for external social identity providers like Google, Facebook etc, as well as integration for enterprise identity management systems via SAML and WS-Federation.` https://identityserver.github.io/Documentation/docsv2/overview/highLevelFeatures.html – LP13 Aug 22 '18 at 16:25
@LP13, it's been a while since I looked at the code from our implementation. I believe we wrote some custom code to support a SAML 2p client (Salesforce). Sorry, I don't have access to the code anymore because it was for a past employer, or I would look into it for you. Sorry. – RayLoveless Aug 22 '18 at 17:58
As per the post below, Kentor (now called Sustainsys) is an option. OOTB. no - no support. – rbrayb Aug 22 '18 at 18:52