1

Hello all and thanks first,

I have a project that has .NET Core 2 API and Angular 8 Client application. I have implemented token based authentication between app and the api (without using IdentityUser or IdentityRole).

Now, I have to do authentication over SSO. I have a saml2 identity provider metadata and configured my api using this metadata using Sustainsys.Saml2.AspNetCore2 package.

Now I can create my own metadata and registered this metadata to IdentityProvider. Everything seems okay up to this point but when I try to login from IdentityProvider login page there is no change on my api.

Crazy questions in my mind

In Identity Provider's metadata there are only SSO and SLO redirect urls. There is no other method for authnrequests.(HTTP POST etc.) How will I login this Idp?

Idp has its own login page. If I will be have to redirect user to this login page, will I get any authentication token or cookie. Will my API be recognized about this login?

There should be an authentication data in any case(token, cooke, sessionid etc.). Where will I get this data to set Authorization header while sending requests to my API?

I have been trying for a while but my last attempt also does not work.

Can anybody help please?

Thanks a lot.

oktykrk
  • 111
  • 1
  • 11
  • Did you ever figure out any of this? I'm starting down the same path, and have the same questions. – JRS May 08 '20 at 17:01
  • unfortunately no. still have the problem. – oktykrk May 24 '20 at 13:37
  • 1
    Check out these resources: https://stackoverflow.com/questions/55025336/sustainsys-saml2-sample-for-asp-net-core-webapi-without-identity and https://github.com/hmacat/Saml2WebAPIAndAngularSpaExample (super useful!) – JRS May 25 '20 at 15:34

1 Answers1

1

You need to redirect to the identity provider, and it will then redirect back to your service provider api, from which you can set whatever security mechanisms you are using, and then redirect again to your local front-end (wherever you need to send your user).

Here are some resources I found helpful: 1) https://learn.microsoft.com/en-us/aspnet/core/security/authentication/?view=aspnetcore-3.1 (how authentication schemes work in .Net Core)

2) ASP.Net Core SAML authentication 1. https://github.com/Sustainsys/Saml2 (SAML 2.0 authentication package) 2. https://stubidp.sustainsys.com/ (Free IdP – can be used instead of local implementation, if desired. A local implementation would require deployment of the “Sustainsys.Saml2.StubIdp” project).

3) Sustainsys SAML2 Sample for ASP.NET Core WebAPI without Identity

4) https://github.com/hmacat/Saml2WebAPIAndAngularSpaExample (super useful sample implementation)

5) Not able to SignOut using Saml2 from Sustainsys (help in getting the logout to work with https://stubidp.sustainsys.com)

6) https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2/

JRS
  • 569
  • 9
  • 26