Go2.AuthServices is a library that adds SAML2P support to ASP.NET and IIS web sites, allowing the web site to act as a SAML2 Service Provider (SP).
The library can be used as an Http Module, loaded into the IIS pipeline. The module is compatible with ASP.NET web forms sites.
Note that this last usage scenario enables SAML identity providers to be integrated within IdentityServer3 package. Review this document to see how to configure AuthServices with IdentityServer3 and Okta to add Okta as an identity provider to an IdentityServer3 project. There is also a SampleIdentityServer3 project in the AuthServices repository.
Once installed the web.config
of the application must be updated with configuration.
See configuration for details.
- Check the issues archive.
- Check the SAML2 specification, starting with the core section.
- Log your actual SAML2 conversation with SAML Chrome Panel or SAML Tracer for Firefox.
- Last but not least, download the AuthServices source and check out what's really happening.
The Saml2AuthenticationModule is modeled after the WSFederationAuthenticationModule to provide Saml2 authentication to IIS web sites. In many cases it should just be configured in and work without any code written in the application at all (even though providing an own ClaimsAuthenticationManager for claims translation is highly recommended).
The solution also contains a stub (i.e. dummy) identity provider that can be used for testing. Download the solution.
The protocol handling classes are available as a public API as well, making it possible to reuse some of the internals for writing your own service provider or identity provider.