How to integrate the SAML in ASP.net Webforms. can you please help me how to do it using sustainsys.saml2 or if you have any other method it will also work
Hi Ajayshanbhag,
I have to ask, if you are integrating a new application why do you want to use SAML and not Open Authentication with OpenID Connect? It’s just as secure and much simpler. There isn’t anything wrong with SAML, but I wouldn’t bother unless your app has to talk to identity providers that only speak SAML.
Open Windows Authentication (OWIN) is the vehicle in ASP.NET to do both SAML and OIDC in ASP.NET. You did not say if your application is “framework” or “core”. OWIN for framework is “katana”, it’s built into core. They work almost the same, but in core there are some ASP.NET differences.
This link will take you to an Okta tutorial on implementing OWIN, although it does OIDC and not SAML: Configure .NET Authentication in OWIN | Okta Developer. Search the network for an OWIN+SAML example.
Regards,
Joel
Hi jmussman,
Its a requirement from the client to use SAML , since we are using asp.net framework and not core. It would be really helpful if i can get some documentation or any references where i can see and implement according to the need.
Regards,
Ajay
I am with the same problem now. Did you find any solution to this? Did you find doc or examples? Could you please help me because I’m totally stuck with this and I need to do that implementation
Best,
Claudia Cortes
Unless someone is looking over my shoulder and knows differently, as far as I know we at Okta don’t have an OWIN+SAML+Framework example anywhere.
I did a little digging for you folks, and the Sustainsys.Saml2.Owin package is built for Katana (OWIN+Framework 4.5): NuGet Gallery | Sustainsys.Saml2.Owin 2.9.2.
This tutorial fromn 2019 goes through using that package and my brief passthrough looks like it is using Framework, not Core: Federated Authentication with a SAML Identity Provider - Applied Information Sciences.
Take a look at that and let me know here if it helps!
I was rereading your response from yesterday, did you mean that you have a requirement to use SAML, or you have a requirement to use SAML because it’s Framework? I ask because the second case is not true, OIDC works with OWIN and Framework. I know because I was successful at it for an Okta client.
@jmussman
we have a requirement to SAML they have already created an app in OKTA using SAML 2.0
Ajay, your app is the only app using that client ID, right? Because distinct apps should not be sharing integrations.
An integration only configures three things:
- User provisioning for SAML applications, I am pretty sure you are not using that.
- The assignment of users to the app.
- How the app connects.
So if all of that is true, why don’t they just recreate the app as an OIDC (auth-code + client secret) app? It’s trivial to delete it, recreate it, and reassign the users. A whole lot less work than trying to integrate SAML.
Ajay, using SustainSys, ITFoxtec was a option but it required to much maintainence and custom development.
I always recommend using commercial solution and login & authentication process is the most secured part and the security solution should not be compromised at all.
I am using a solution miniOrange .NET SSO from last 10 years and it has been very secured and efficent removing any unwanted attempts on my 20+ applications.