I have a requirement to implement single sign-on from our old application to our new application. The flow is as follows:
1) The user logs into the old application portal with his credentials. This old application is currently acting as the IDP, as it stores the credentials (userid/password) of all the existing users.
2) Now the user clicks on a link in the old application which will redirect him to the new application. Please note that the new application is developed by us and acts as a Service Provider. The new application doesn't have any information about the user or his credentials. I need to implement SSO here so that when the user clicks on the new application link from the old application he is just redirected to the new application. Our old application, which is acting as the IDP, is generating the SAML assertion and providing it to us.
I need help with implementing the Service provider to receive the SAML assertion. Please see below where I need help
3) Currently, as we are receiving the SAML assertion from the old application, my team lead has suggested that I expose a service end point (WCF service or .NET web service) to receive an HTTP POST. My understanding is that he is asking me to write a WCF RESTful service using POST so that the old application can share the SAML assertion. Is my understanding correct, and is this a correct process?
Next he asked me to test the service I write and output the result. How do I test the service?
I need help with how to write the service to receive the SAML response at the Service Provider end. Is the SAML response a file that we receive?
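What the SP end of this flow looks like on .NET, as an added example that is not code from the question or from any product: with the SAML HTTP-POST binding the IdP's page auto-submits an ordinary HTML form, so the SAMLResponse field holds base64-encoded XML rather than a file, and the receiving endpoint can be a plain ASP.NET handler that reads Request.Form["SAMLResponse"] and calls a validator like this one. The class name, the expected audience and ACS URL parameters, and the pinned IdP certificate are assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Added example: validates an IdP-initiated SAML 2.0 Response (HTTP-POST binding).
// Assumed caller: an ASP.NET ACS endpoint passing Request.Form["SAMLResponse"].
public static class SamlResponseReceiver
{
    const string SamlNs  = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string SamlpNs = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string DsigNs  = "http://www.w3.org/2000/09/xmldsig#";
    const string Success = "urn:oasis:names:tc:SAML:2.0:status:Success";

    // Returns the authenticated NameID, or throws when the response must be rejected.
    public static string Validate(string base64SamlResponse, X509Certificate2 idpSigningCert,
                                  string expectedAudience, string expectedAcsUrl)
    {
        // The form field is base64-encoded XML, not an uploaded file.
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(base64SamlResponse));
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null }; // no DTD/entity fetches
        doc.LoadXml(xml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("saml", SamlNs); ns.AddNamespace("samlp", SamlpNs); ns.AddNamespace("ds", DsigNs);
        var response = doc.DocumentElement;
        if (response.LocalName != "Response" || response.NamespaceURI != SamlpNs) throw new Exception("not a samlp:Response");
        if (response.GetAttribute("Destination") != expectedAcsUrl) throw new Exception("wrong Destination");
        var status = doc.SelectSingleNode("/samlp:Response/samlp:Status/samlp:StatusCode/@Value", ns);
        if (status == null || status.Value != Success) throw new Exception("IdP reported failure");
        // Exactly one assertion; extra assertions are a classic signature-wrapping vector.
        var assertions = doc.SelectNodes("//saml:Assertion", ns);
        if (assertions.Count != 1) throw new Exception("expected exactly one Assertion");
        var assertion = (XmlElement)assertions[0];
        // Verify against the pinned IdP certificate only; never trust a cert found in KeyInfo.
        var sig = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns) ?? throw new Exception("Assertion not signed");
        var signed = new SignedXml(assertion);
        signed.LoadXml(sig);
        if (!signed.CheckSignature(idpSigningCert, true)) throw new Exception("bad signature");
        // The signed reference must cover this assertion, not some other element in the document.
        var reference = (Reference)signed.SignedInfo.References[0];
        if (reference.Uri != "#" + assertion.GetAttribute("ID")) throw new Exception("signature covers another element");
        // Conditions: validity window (small clock skew allowed) and audience restriction.
        var cond = (XmlElement)assertion.SelectSingleNode("saml:Conditions", ns) ?? throw new Exception("no Conditions");
        var notBefore = XmlConvert.ToDateTime(cond.GetAttribute("NotBefore"), XmlDateTimeSerializationMode.Utc);
        var notOnOrAfter = XmlConvert.ToDateTime(cond.GetAttribute("NotOnOrAfter"), XmlDateTimeSerializationMode.Utc);
        DateTime now = DateTime.UtcNow; TimeSpan skew = TimeSpan.FromMinutes(2);
        if (now + skew < notBefore || now - skew >= notOnOrAfter) throw new Exception("assertion outside validity window");
        var audience = cond.SelectSingleNode("saml:AudienceRestriction/saml:Audience", ns);
        if (audience == null || audience.InnerText.Trim() != expectedAudience) throw new Exception("wrong Audience");
        // Replay protection (rejecting an assertion ID seen before) belongs in the caller's persistent store.
        var nameId = assertion.SelectSingleNode("saml:Subject/saml:NameID", ns) ?? throw new Exception("no NameID");
        return nameId.InnerText.Trim();
    }
}
```

To test it, have the old application (or a test page with an HTML form) POST a SAMLResponse to the endpoint and check that a correctly signed assertion yields the NameID while a tampered, expired or wrong-audience one is rejected.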