Help to integrate Okta SAML with existing ASP.NET WebAPI app


#1

I got this app from another developer. I’ll try my best to describe it.

It uses WebAPI OWIN (there is no MVC). The resource server, authorization server and application is the single ASP.NET app. The grant type for OAuth I believe is “Resource Owner Password Credentials”.

I need to implement SSO using Okta and SAML on top of OAuth.

I would appreciate if someone gives me a jump start.


#2

Hey @maxima,

I’m not 100% sure what you mean by SAML on top of OAuth. I’ve seen a few projects that have mixed the two, but the easiest option is to just use OAuth 2.0. Have you seen our examples:

https://github.com/okta/samples-aspnet
https://github.com/okta/samples-aspnetcore

If those don’t help, let us know more detail on what you are looking to do, and we can point you in the right direction!


#3

You mean this (your links return 404): https://developer.okta.com/quickstart/#/widget/dotnet/aspnet4 (there is a sample with OpenID for WebAPI which I don’t see how to utilize)

The app in question uses OAuth 2.0.

What I need to achieve is that user can be authorized either way - user/pwd html page with OAuth and with Okta/SAML with minimum code change.

I am not clear where to insert Okta in the OAuth flow.

Currently I have a token-based flow - html client sends login/password, gets token from OAuthAuthorizationServerProvider implementation, then for all calls to the resource (rest service with methods marked [Authorize]) OAuth does the job and tests the token, etc.

Now I need to make Okta login available instead of our html login page for certain users, but still keep the old functionality for others.

My current question - I need to receive “SAML Assertion” in my OAuth service to use it as a bearer token.


#4

If you use Okta as a SAML IDP, take a look at the middleware approach provided by


I had success with it.

You can also use Okta as an OIDC IDP; consider IdentityServer 3 for pre-.NetCore, or IdentityServer4 for .NetCore.


Both SAML2 and IdentityServer are solid options.


#5

Thank you. Sustainsys solution and the sample app would need a week to unravel.

I just need to get a token. I don’t believe this has to be hard.

@bdemers - surely I am not the first to have an OAuth app and wanting to add Okta to it… Must be like 2 lines of code. Can you help me?


#6

Hi @maxima! Did you end up achieving what you were asking in this topic? My understanding is that you were about to do exactly what I’m supposed to now, and I would appreciate if you could share some of your findings. Thanks!


#7

I think I am looking for the same solution. We have an app using OAuth2 and IdentityServer, but we now have a requirement to accept logins via SAML, so I would like to use OKTA to get a SAML Assertion, then take that Assertion to IdentityServer to get an OAuth2 access token to use against our REST API.
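
The exchange asked about in #3 and #7 (hand a SAML assertion to the OAuth token endpoint and get an access token back) is the SAML 2.0 bearer assertion grant defined in RFC 7522. The following is an added example, not code from any poster, Okta or IdentityServer: it shows the assertion checks RFC 7522 section 3 places on the authorization server and the form body the client posts. It assumes the token endpoint has been extended to accept this grant type and that XML signature verification is done separately by a SAML library; `SamlBearerGrant`, `Reject`, `TokenRequestForm` and all URLs are hypothetical names and placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Xml.Linq;
static class SamlBearerGrant
{
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string Bearer = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
    // Returns null if the assertion passes these RFC 7522 section 3 checks, else the reason.
    // Assumes the XML signature was already verified against the IdP's signing certificate.
    public static string Reject(string xml, string issuer, string audience, string tokenUrl, DateTime nowUtc)
    {
        var a = XElement.Parse(xml, LoadOptions.PreserveWhitespace);
        if (a.Name != Saml + "Assertion") return "not a SAML 2.0 assertion";
        if (((string)a.Element(Saml + "Issuer") ?? "").Trim() != issuer) return "unexpected issuer";
        var audiences = a.Elements(Saml + "Conditions").Elements(Saml + "AudienceRestriction")
                         .Elements(Saml + "Audience").Select(e => e.Value.Trim());
        if (!audiences.Contains(audience)) return "audience does not name this authorization server";
        var data = a.Elements(Saml + "Subject").Elements(Saml + "SubjectConfirmation")
                    .Where(c => (string)c.Attribute("Method") == Bearer)
                    .Elements(Saml + "SubjectConfirmationData").FirstOrDefault();
        if (data == null) return "no bearer subject confirmation";
        if ((string)data.Attribute("Recipient") != tokenUrl) return "recipient is not the token endpoint";
        var expires = (DateTime?)data.Attribute("NotOnOrAfter");
        if (expires == null || nowUtc >= expires.Value.ToUniversalTime()) return "assertion expired";
        return null;
    }
    // Form body for the token request: the assertion goes base64url-encoded, byte for byte
    // as received, because re-serializing the XML would invalidate its signature.
    public static Dictionary<string, string> TokenRequestForm(string xml)
    {
        var b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));
        return new Dictionary<string, string> {
            { "grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer" },
            { "assertion", b64.TrimEnd('=').Replace('+', '-').Replace('/', '_') } };
    }
    static void Main()
    {
        // Constructed, unsigned sample assertion; every name and URL in it is a placeholder.
        string xml = "<Assertion xmlns='" + Saml.NamespaceName + "'><Issuer>http://idp.example/issuer</Issuer>"
            + "<Subject><SubjectConfirmation Method='" + Bearer + "'><SubjectConfirmationData "
            + "Recipient='https://api.example/token' NotOnOrAfter='2030-01-01T00:00:00Z'/></SubjectConfirmation>"
            + "</Subject><Conditions><AudienceRestriction><Audience>https://api.example</Audience>"
            + "</AudienceRestriction></Conditions></Assertion>";
        var now = new DateTime(2029, 12, 31, 23, 55, 0, DateTimeKind.Utc);
        Console.WriteLine(Reject(xml, "http://idp.example/issuer", "https://api.example", "https://api.example/token", now) ?? "accepted");
        Console.WriteLine(Reject(xml, "http://idp.example/issuer", "https://other.example", "https://api.example/token", now) ?? "accepted");
    }
}
```

With this grant the existing username/password flow stays as it is; the token endpoint only gains a second `grant_type` branch that issues the same kind of access token once the assertion is accepted.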