For the past week I have done a lot of research on the topic of using Single Sign On with SAML 2.0. I have found a lot of good articles and I understand the process of SSO in detail, but I am encountering problems when implementing it in our C# solution with .Net Framework 4.5.
Let me describe my understanding of the process and how I imagine I should go about applying it:
The user goes to our software, which is the Service Provider (SP). We have different instances trimmed to our clients' needs.
After typing the email address, he should be re-directed to our Identity Provider (IdP). At this point I believe I should be sending an authentication token to check if the user is not already logged in on the IdP. In case the user is, I would want to login the user to our system. In case he is not, he would then log in on their IdP.
SAML Response token back to our website URL. So far I haven't found any good resources on the actual process of generating the SAML Request or a way of decrypting our SAML token in the C# code.
For the testing we are using ADFS 2.0 as the IdP and we are getting the SAML Response from it. When we process the response we would like to compare the information in our database with the email in the response to verify the user's details before letting them into the system.
The examples I have been able to find are either out of date or do not give a detailed explanation. I would be grateful if anyone were able to shine some light on it for me, by either providing some examples of implementation or a good and up-to-date resource that I haven't yet managed to find.
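As an added illustration of the "process the response" step described above (this is not code from the question, the answer, or any SAML library), here is the minimum set of checks an SP must apply to a SAML Response posted by ADFS before trusting the email inside it. It assumes the IdP signing certificate was taken out of band from the ADFS federation metadata (`idpCert`), that the assertion is signed but not encrypted (ADFS only encrypts when the relying party has an encryption certificate configured), and that the SP remembers the ID of the AuthnRequest it issued (`expectedInResponseTo`); `SamlResponseValidator` and its parameter names are the example's own.

```csharp
using System;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

static class SamlResponseValidator
{
    // Returns the subject NameID once the assertion is shown to be signed by idpCert
    // (pinned from ADFS metadata, an assumption here) and addressed to this SP.
    public static string ValidateAndGetNameId(string samlResponseB64, X509Certificate2 idpCert,
                                              string expectedAudience, string expectedInResponseTo)
    {
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null }; // no DTD/XXE
        doc.LoadXml(Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseB64)));
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        // Tie the response to the AuthnRequest we issued and accept exactly one assertion.
        if (doc.DocumentElement.GetAttribute("InResponseTo") != expectedInResponseTo)
            throw new SecurityException("InResponseTo does not match an outstanding request");
        var assertions = doc.SelectNodes("/samlp:Response/saml:Assertion", ns);
        if (assertions.Count != 1) throw new SecurityException("expected exactly one assertion");
        var assertion = (XmlElement)assertions[0];
        // Verify with the pinned IdP certificate, never with the KeyInfo inside the message, and
        // require the one signed Reference to be this assertion's ID (blocks signature wrapping).
        var sig = (XmlElement)assertion.SelectSingleNode("ds:Signature", ns);
        if (sig == null) throw new SecurityException("assertion is not signed");
        var signedXml = new SignedXml(assertion);
        signedXml.LoadXml(sig);
        if (!signedXml.CheckSignature(idpCert, true)) throw new SecurityException("signature invalid");
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + assertion.GetAttribute("ID"))
            throw new SecurityException("signature does not cover this assertion");
        // Conditions: validity window with a small clock-skew allowance, and audience restriction.
        var cond = (XmlElement)assertion.SelectSingleNode("saml:Conditions", ns);
        if (cond == null) throw new SecurityException("assertion carries no Conditions");
        var now = DateTime.UtcNow; var skew = TimeSpan.FromMinutes(2);
        if (now + skew < XmlConvert.ToDateTime(cond.GetAttribute("NotBefore"), XmlDateTimeSerializationMode.Utc) ||
            now - skew >= XmlConvert.ToDateTime(cond.GetAttribute("NotOnOrAfter"), XmlDateTimeSerializationMode.Utc))
            throw new SecurityException("assertion outside its validity window");
        var audiences = cond.SelectNodes("saml:AudienceRestriction/saml:Audience", ns);
        bool forUs = false; foreach (XmlNode a in audiences) forUs |= a.InnerText.Trim() == expectedAudience;
        if (!forUs) throw new SecurityException("audience does not include this SP");
        return assertion.SelectSingleNode("saml:Subject/saml:NameID", ns).InnerText.Trim();
    }
}
```

Only after every check passes should the returned NameID (or an email attribute from the AttributeStatement) be looked up in the database; a value read from the response before signature and audience validation is attacker-controlled input.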
SAML 2.0 is not a simple protocol and, as you have discovered, it is not trivial to roll your own.
Use a SAML client side stack.
Note there is not an official one from Microsoft.
Refer to SAML : SAML connectivity / toolkit for some ideas.
This will do all the heavy lifting and plumbing for you.