
I am attempting to make my ASP.NET MVC web app provide SSO to multiple IdPs, and I am wondering if it is possible to support this scenario using the ITfoxtec.SAML2 library.

I have many different clients, several of whom want to have an SSO integration with my service. Each of the clients has a different sub-domain (e.g. business1.myapp.com, business2.myapp.com, etc.) and I will need to use their unique part of the name to look up their metadata and produce a configuration that will talk back to them.

The example code that I have seen seems to be supporting a more traditional one IdP to one SP scenario.

Additionally, if anyone knows of a non-Core ASP.NET MVC example application, I would be profoundly grateful to know where to find it.

Anders Revsgaard
Adam Crossland

1 Answer

In your case I would implement some Saml2Configuration logic, where I can ask for a specific Saml2Configuration for the current IdP. This specific Saml2Configuration is then used in the AuthController.

After a binding.ReadSamlResponse(Request.ToGenericHttpRequest(), saml2AuthnResponse) with a generic Saml2Configuration you can read the IdP issuer in saml2AuthnResponse.Issuer, and then load the correct Saml2Configuration.

A link to a non-Core ASP.NET MVC relying party sample application: https://github.com/ITfoxtec/ITfoxtec.Identity.Saml2/tree/master/test/TestWebApp

Anders Revsgaard
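The two-pass approach the answer describes (parse with a generic configuration to read the Issuer, then validate with the tenant's configuration), written out as an added example that is not part of the question, the answer, or the ITfoxtec project. It assumes the ITfoxtec.Identity.Saml2 and ITfoxtec.Identity.Saml2.Mvc packages on classic ASP.NET MVC; the tenant registry, metadata URLs, entity IDs and certificate path are constructed placeholders, and the CreateSession call follows the MVC package's helper, whose exact parameters depend on the package version. The defensive point it adds: the issuer read in the first pass is untrusted until Unbind has checked the signature, so it is only ever used as a key into a fixed registry, and the resolved tenant is cross-checked against the subdomain the response arrived on.

```csharp
// Added example, not from the question, the answer, or the ITfoxtec project.
// Assumes ITfoxtec.Identity.Saml2 + ITfoxtec.Identity.Saml2.Mvc on classic ASP.NET MVC.
// Registry entries, URLs, entity IDs and the certificate path are constructed placeholders.
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Web.Mvc;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.Mvc;
using ITfoxtec.Identity.Saml2.Schemas;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;

public sealed class Tenant
{
    public string MetadataUrl { get; set; }   // where the tenant's IdP metadata is published
    public string IdpEntityId { get; set; }   // the Issuer value that IdP puts in its responses
}

public static class TenantSaml2Configurations
{
    // Constructed registry: only tenants listed here can be resolved, so neither the
    // subdomain nor the Issuer string ever leads to a lookup of an arbitrary URL.
    private static readonly IReadOnlyDictionary<string, Tenant> TenantsBySubdomain =
        new Dictionary<string, Tenant>(StringComparer.OrdinalIgnoreCase)
        {
            ["business1"] = new Tenant { MetadataUrl = "https://idp.business1.example/metadata", IdpEntityId = "https://idp.business1.example/entity" },
            ["business2"] = new Tenant { MetadataUrl = "https://idp.business2.example/metadata", IdpEntityId = "https://idp.business2.example/entity" },
        };

    private static readonly ConcurrentDictionary<string, Saml2Configuration> Cache =
        new ConcurrentDictionary<string, Saml2Configuration>(StringComparer.OrdinalIgnoreCase);

    // Placeholder path/password: the SP's own signing certificate, loaded once.
    private static readonly X509Certificate2 SpSigningCertificate =
        new X509Certificate2("PLACEHOLDER_PATH/sp-signing.pfx", "PLACEHOLDER_PASSWORD");

    // "business1.myapp.com" -> "business1"
    public static string SubdomainOf(string host) => host.Split('.')[0];

    public static Saml2Configuration ForSubdomain(string subdomain)
    {
        if (!TenantsBySubdomain.TryGetValue(subdomain, out var tenant))
            throw new AuthenticationException("Unknown tenant: " + subdomain);
        return Cache.GetOrAdd(subdomain, _ => Build(subdomain, tenant));
    }

    // The issuer comes from a not-yet-validated response, so it is used only as a key.
    public static Saml2Configuration ForIdpIssuer(string issuer)
    {
        var entry = TenantsBySubdomain.FirstOrDefault(t => t.Value.IdpEntityId == issuer);
        if (entry.Key == null) throw new AuthenticationException("Unknown IdP issuer");
        return ForSubdomain(entry.Key);
    }

    // Configuration with no IdP details: enough to parse a response and read its Issuer.
    public static Saml2Configuration Generic() => new Saml2Configuration();

    private static Saml2Configuration Build(string subdomain, Tenant tenant)
    {
        var config = new Saml2Configuration
        {
            Issuer = $"https://{subdomain}.myapp.com/saml2",   // per-tenant SP entity ID
            SigningCertificate = SpSigningCertificate,
        };
        config.AllowedAudienceUris.Add(config.Issuer);

        // SSO endpoint and IdP signing certificates come from the registered metadata URL.
        var entityDescriptor = new EntityDescriptor();
        entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(tenant.MetadataUrl));
        config.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;
        config.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates);
        return config;
    }
}

public class AuthController : Controller
{
    public ActionResult Login()
    {
        var config = TenantSaml2Configurations.ForSubdomain(TenantSaml2Configurations.SubdomainOf(Request.Url.Host));
        return new Saml2RedirectBinding().Bind(new Saml2AuthnRequest(config)).ToActionResult();
    }

    [HttpPost]
    public ActionResult AssertionConsumerService()
    {
        var httpRequest = Request.ToGenericHttpRequest();
        var binding = new Saml2PostBinding();

        // Pass 1: parse with the generic configuration only to learn which IdP answered.
        var probe = new Saml2AuthnResponse(TenantSaml2Configurations.Generic());
        binding.ReadSamlResponse(httpRequest, probe);

        // Pass 2: resolve the tenant from the issuer and confirm it matches the subdomain
        // the response was posted to, so one tenant's IdP cannot sign users into another.
        var config = TenantSaml2Configurations.ForIdpIssuer(probe.Issuer);
        var expected = TenantSaml2Configurations.ForSubdomain(TenantSaml2Configurations.SubdomainOf(Request.Url.Host));
        if (config.Issuer != expected.Issuer)
            throw new AuthenticationException("IdP does not belong to this tenant");

        var saml2AuthnResponse = new Saml2AuthnResponse(config);
        binding.ReadSamlResponse(httpRequest, saml2AuthnResponse);
        if (saml2AuthnResponse.Status != Saml2StatusCodes.Success)
            throw new AuthenticationException("SAML response status: " + saml2AuthnResponse.Status);
        binding.Unbind(httpRequest, saml2AuthnResponse);   // signature, audience and conditions are validated here

        // Assumption: CreateSession is the MVC package's session helper (parameters vary by version).
        saml2AuthnResponse.CreateSession(claimsTransform: principal => principal);
        return Redirect(Url.Content("~/"));
    }
}
```

Metadata is fetched once per tenant and cached, so a misconfigured or unreachable IdP only affects its own subdomain. If the SP later redirects to a RelayState value after login, validate it as a local path first, since that value also arrives in the POST.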