Yes, this is definitely possible and we have customers doing this now. I'm afraid we don't have any examples but it's fairly straightforward. The IdP and SP sides of your application are in many ways independent of each other with different endpoints etc. The flow would be:
1. Acting as the SP, call SAMLServiceProvider.InitiateSSO to send a SAML authn request to the IdP.
2. User logs into the IdP.
3. Call SAMLServiceProvider.ReceiveSSO to receive and process the SAML response from the IdP.
4. Log in the user locally in the application. Possibly save user information in the session etc. if required.
5. Acting as the IdP, call SAMLIdentityProvider.InitiateSSO to create and send a SAML response to the SP.
User identity information received from the IdP may be used to create and send the SAML response to the SP.
Regards,
ComponentSpace Development
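The five steps above as one ASP.NET MVC controller; this is an added example, not code from ComponentSpace or from the post. It assumes the System.Web edition of the library and the overloads shown (check them against your installed version); the partner names, the attribute allow-list, and the policy of rejecting unsolicited responses are hypothetical choices made for this example.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Security;
using ComponentSpace.SAML2;

// Added illustration. Partner names and the forwarded-attribute list are
// hypothetical; the partners must match entries in your SAML configuration.
public class ProxyController : Controller
{
    private const string UpstreamIdP = "urn:example:upstream-idp";    // hypothetical
    private const string DownstreamSP = "urn:example:downstream-sp";  // hypothetical
    private static readonly HashSet<string> Forwarded =
        new HashSet<string> { "mail", "givenName" };                  // hypothetical

    // Step 1: acting as the SP, send the authn request to the IdP.
    public ActionResult Login()
    {
        SAMLServiceProvider.InitiateSSO(Response, null, UpstreamIdP);
        return new EmptyResult();
    }

    // Steps 3 to 5: the SP-side assertion consumer service endpoint.
    public ActionResult AssertionConsumerService()
    {
        bool isInResponseTo;
        string partnerIdP, authnContext, userName, targetUrl;
        IDictionary<string, string> attributes;

        // Step 3: receive and process the SAML response from the IdP.
        SAMLServiceProvider.ReceiveSSO(Request, out isInResponseTo, out partnerIdP,
            out authnContext, out userName, out attributes, out targetUrl);

        // Example policy: relay only a response that answers our own request
        // and comes from the one IdP this proxy is meant to front.
        if (!isInResponseTo || partnerIdP != UpstreamIdP)
            return new HttpStatusCodeResult(403);

        // Step 4: log the user in locally.
        FormsAuthentication.SetAuthCookie(userName, false);

        // Step 5: acting as the IdP, build the outbound identity from the
        // inbound one, forwarding only allow-listed attributes to the SP.
        var outbound = new Dictionary<string, string>();
        if (attributes != null)
            foreach (var a in attributes)
                if (Forwarded.Contains(a.Key)) outbound[a.Key] = a.Value;

        SAMLIdentityProvider.InitiateSSO(Response, userName, outbound, null, DownstreamSP);
        return new EmptyResult();
    }
}
```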