Identity server 4 with SAML 2.0 as external identity provider for SSO
I am using identity server 4 for authentication to my ASP.Net Core solution. And it is working well with Facebook, Google and other external identity provider. And now I am trying to add SAML 2.0 authentication to the identity server using Sustainsys.Saml2 from https://github.com/Sustainsys/Saml2 and making it work as an external identity provider. (Customers to our site want to login using their SAML identity provider using our Identity Server in the same way they can login via Facebook, Google, etc)
And what I have now is the
sign in URL - https://sso.domain.com/saml/idp/profile/redirectorpost/sso
sign out URL - https://sso.domain.com/saml/idp/profile/post/sls
- CRT certificate for the SAML based identity provider of our customer.
However, I cannot find the document that describes how to setup the configuration of SAML 2.0 in identity server 4 startup.cs file. I think the configuration should look like the following based on the sample available at: https://github.com/Sustainsys/Saml2/blob/master/Samples/SampleAspNetCore2ApplicationNETFramework/Startup.cs
services.AddAuthentication()
.AddSaml2(options =>
{
options.SPOptions.EntityId = new EntityId("...");
options.IdentityProviders.Add(
new IdentityProvider(
new EntityId("..."), options.SPOptions)
{
LoadMetadata = true,
});
options.SPOptions.ServiceCertificates.Add(new X509Certificate2("..."));
}
);
In the sample there are two url's
What do these represent?
Can somebody tell me how to setup all the options for SAML2 in identity server 4?
Answer
- is the entity id of your application - corresponding to client id in open id connect.
- is the entity id of the upstream idp.
There is a sample IdSrv4 in another branch: https://github.com/Sustainsys/Saml2/tree/netstandard/Samples/SampleIdentityServer4
There are working IdentityServer4 samples in https://github.com/Sustainsys/Saml2/tree/master/Samples