Forums, Documentation & Knowledge Base - ComponentSpace

Specifying the SAML Configuration Programmatically


http://componentspace.com/Forums/Topic38.aspx

By ComponentSpace - 2/20/2014

For the majority of use cases, maintaining the SAML configuration in the saml.config configuration file is the simplest strategy.


However, there may be circumstances where configuration must be stored elsewhere (e.g. in a database).
Rather than defining configuration in the saml.config configuration file, the configuration may be specified programmatically. A good place to do this is in the Global.Application_Start method.
For example, the following code configures the local service provider and one partner identity provider.

SAMLConfiguration samlConfiguration = new SAMLConfiguration();

// Local service provider: the local certificate (PFX with private key) signs messages sent to the partner.
samlConfiguration.ServiceProviderConfiguration = new ServiceProviderConfiguration() {
    Name = "urn:componentspace:ExampleServiceProvider",
    AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx",
    LocalCertificateFile = "sp.pfx",
    LocalCertificatePassword = "password"
};

// Partner identity provider: the partner certificate (public key only) verifies signatures on messages received from it.
samlConfiguration.AddPartnerIdentityProvider(
    new PartnerIdentityProviderConfiguration() {
        Name = "urn:componentspace:ExampleIdentityProvider",
        SignAuthnRequest = false,
        WantSAMLResponseSigned = true,
        WantAssertionSigned = false,
        WantAssertionEncrypted = false,
        SingleSignOnServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SSOService.aspx",
        SingleLogoutServiceUrl = "http://localhost/ExampleIdentityProvider/SAML/SLOService.aspx",
        PartnerCertificateFile = "idp.cer"
    });

// Make the programmatic configuration the active one (replaces saml.config).
SAMLController.Configuration = samlConfiguration;

And the following code configures the local identity provider and one partner service provider.

SAMLConfiguration samlConfiguration = new SAMLConfiguration();

// Local identity provider: the local certificate (PFX with private key) signs responses and assertions.
samlConfiguration.IdentityProviderConfiguration =
    new IdentityProviderConfiguration() {
        Name = "urn:componentspace:ExampleIdentityProvider",
        LocalCertificateFile = "idp.pfx",
        LocalCertificatePassword = "password"
    };

// Partner service provider: the partner certificate is only needed if its authn requests are signed.
samlConfiguration.AddPartnerServiceProvider(
    new PartnerServiceProviderConfiguration() {
        Name = "urn:componentspace:ExampleServiceProvider",
        WantAuthnRequestSigned = false,
        SignSAMLResponse = true,
        SignAssertion = false,
        EncryptAssertion = false,
        AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx",
        SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider/SAML/SLOService.aspx",
        PartnerCertificateFile = "sp.cer"
    });

// Make the programmatic configuration the active one (replaces saml.config).
SAMLController.Configuration = samlConfiguration;


By ComponentSpace - 12/16/2019

The local certificate is used to sign SAML messages sent to the partner.
The partner certificate is used to verify signatures on SAML messages received from the partner.
If acting as the service provider, there will almost always be a partner certificate, as the SAML response or assertion should always be signed and the signature verified.
Signing the SAML authn request sent to the identity provider as part of SP-initiated SSO is optional, and if no signing occurs, a local certificate isn't required.
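As an added example (not ComponentSpace's own code) tying the two posts together: a startup helper that builds the service provider configuration programmatically but refuses to register a partner identity provider entry, such as one read from a database, that requires no signature or has no partner certificate on disk, so the misconfiguration fails at application start instead of being accepted silently. The namespaces ComponentSpace.SAML2 and ComponentSpace.SAML2.Configuration, the SamlStartup class with its Validate and Register methods, the sample partner values, and the resolution of relative certificate file names against the application root are assumptions.

```csharp
using System;
using System.IO;
using ComponentSpace.SAML2;                // SAMLController (namespace assumed)
using ComponentSpace.SAML2.Configuration;  // configuration classes (namespace assumed)

// Hypothetical helper, not part of ComponentSpace: refuses to register a partner
// IdP record (e.g. one loaded from a database) that would leave this SP unable
// to verify the SAML response or assertion signature.
public static class SamlStartup
{
    public static PartnerIdentityProviderConfiguration Validate(
        PartnerIdentityProviderConfiguration idp, string appRoot)
    {
        // The response or the assertion (or both) must be required to be signed.
        if (!idp.WantSAMLResponseSigned && !idp.WantAssertionSigned)
            throw new InvalidOperationException(
                $"Partner IdP '{idp.Name}': neither response nor assertion signing is required.");

        // Verification needs the partner certificate; fail at startup, not on the first SSO.
        // Relative file names are assumed to resolve against the application root.
        if (string.IsNullOrEmpty(idp.PartnerCertificateFile) ||
            !File.Exists(Path.Combine(appRoot, idp.PartnerCertificateFile)))
            throw new InvalidOperationException(
                $"Partner IdP '{idp.Name}': PartnerCertificateFile is missing or not found.");

        return idp;
    }

    // Call from Global.Application_Start with Server.MapPath("~/") as appRoot.
    public static void Register(string appRoot)
    {
        var samlConfiguration = new SAMLConfiguration();
        samlConfiguration.ServiceProviderConfiguration = new ServiceProviderConfiguration() {
            Name = "urn:componentspace:ExampleServiceProvider",
            AssertionConsumerServiceUrl = "~/SAML/AssertionConsumerService.aspx"
        };  // no local certificate: this SP does not sign its authn requests
        // Constructed sample values standing in for a database row.
        var idp = new PartnerIdentityProviderConfiguration() {
            Name = "urn:example:PartnerIdentityProvider",
            SignAuthnRequest = false,
            WantSAMLResponseSigned = true,
            WantAssertionSigned = false,
            SingleSignOnServiceUrl = "https://idp.example.com/SAML/SSOService.aspx",
            PartnerCertificateFile = "partner-idp.cer"
        };
        samlConfiguration.AddPartnerIdentityProvider(Validate(idp, appRoot));
        SAMLController.Configuration = samlConfiguration;
    }
}
```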