ComponentSpace

Forums



Posting SAML Response using ReceiveSsoAsync()


Posting SAML Response using ReceiveSsoAsync()

Author
Message
Divya
Divya
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 13
I am new to SSO SAML and to ComponentSpace.
I could successfully generate the SAML Response, however I am facing challenge to post it.

I was trying to use following approach, but seems its deprecated for ASP.Net Core:
IdentityProvider.SendSAMLResponseByHTTPPost(Response, url, samlResponseXml, relayState);

While following the approach as per examples and documentation, I am facing challenge in initializing the "SamlIdentityProvider"

await _samlIdentityProvider.ReceiveSsoAsync();
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
IdentityProvider.SendSAMLResponseByHTTPPost is part of the SAML for ASP.NET low-level API. There is a low-level API in the SAML for ASP.NET Core product but you're much better off using the high-level API available through the ISamlIdentityProvider and ISamlServiceProvider interfaces. 

ReceiveSsoAsync is part of the ISamlServiceProvider interface. It's used at the SP to receive and process a SAML response sent by a partner IdP.

If you're the IdP and you wish to create and send a SAML response to a partner SP, you should call ISamlIdentityProvider.InitiateSsoAsync, for IdP-initiated SSO, or ISamlIdentityProvider.SendSsoAsync, for SP-initiated SSO.

The ExampleIdentityProvider project demonstrates calling these APIs. The Examples Guide walks you through this and other example projects.

Regards
ComponentSpace Development
Divya
Divya
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 13
ComponentSpace - 11/12/2019
IdentityProvider.SendSAMLResponseByHTTPPost is part of the SAML for ASP.NET low-level API. There is a low-level API in the SAML for ASP.NET Core product but you're much better off using the high-level API available through the ISamlIdentityProvider and ISamlServiceProvider interfaces. 

ReceiveSsoAsync is part of the ISamlServiceProvider interface. It's used at the SP to receive and process a SAML response sent by a partner IdP.

If you're the IdP and you wish to create and send a SAML response to a partner SP, you should call ISamlIdentityProvider.InitiateSsoAsync, for IdP-initiated SSO, or ISamlIdentityProvider.SendSsoAsync, for SP-initiated SSO.

The ExampleIdentityProvider project demonstrates calling these APIs. The Examples Guide walks you through this and other example projects.

Thanks for the information. The SSO is working fine. But is it possible to load content within an IFRAME, without having it redirect the entire browser window to the destination?

The IFRAME content should contain the newly signed-into application. The SSO is working correctly but the entire browser page redirects into the application, losing the containing page.

Is it possible to limit the redirect to the IFRAME itself?

ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Initiate the SAML SSO from within an iFrame and the IdP's login page will be displayed in the iFrame.

Regards
ComponentSpace Development
Divya
Divya
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 13
ComponentSpace - 11/14/2019
Initiate the SAML SSO from within an iFrame and the IdP's login page will be displayed in the iFrame.

Thanks that helped. 
I am setting the RelayState = "http://XYZURL/". However its not getting redirected to it. Its being redirected to the default URL  only (AssertionConsumerServiceUrl).

Is there any other configuration we should be doing to have relayState working.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
For SP-initiated SSO, the relay state you send with the SAML authn request to the IdP is returned by the IdP along with the SAML response.
The SAML response will still be received at your assertion consumer service.
Your application may use the relay state to redirect to a given URL once SSO completes.




Regards
ComponentSpace Development
Divya
Divya
New Member
New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)New Member (6 reputation)

Group: Forum Members
Posts: 5, Visits: 13
Is there any option to override or add/remove cutom headers in SAML response.
My requirement is to remove the x_frame_options: SAMEORIGIN from SAML Response Headers.
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
We don't directly add that header and we don't provide an option for adding or removing the HTTP headers.

I think your best option would be to write some custom middleware to remove the header.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search