The recommendation is to use the SAMLHttpRequest and SAMLHttpResponse classes in the ComponentSpace.SAML2.Utility namespace.
These do not remove the dependency on System.Web but are adapter/wrapper classes that may be used to support ServiceStack and other frameworks.
The dependency on System.Web has been removed with the SAML v2.0 .NET standard library that we released earlier this year for ASP.NET Core.
It's less likely now that we will remove the System.Web dependency from our SAML v2.0 .NET framework class library although, as always, that's driven by customer demand.
Do these work? If so, is there any documentation on what's required? The basic constructor doesn't appear to be sufficient for the SAMLHttpRequest to be used in the SAMLServiceProvider.ReceiveSSO call. Here's an example:
NameValueCollection formData = await myHttpRequestMessage.Content.ReadAsFormDataAsync();
string samlResponse = formData["samlResponse"];
string relayState = formData["relayState"];
samlResponse = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponse));
relayState = Encoding.UTF8.GetString(Convert.FromBase64String(relayState));
SAMLHttpRequest webRequest = new SAMLHttpRequest(samlResponse, relayState, true);
bool isInResponseTo;
string partnerIdP;
string authnContext;
string userName;
IDictionary<string, string> attributes;
string relayStateFromMessage;
ComponentSpace.SAML2.SAMLController.Configurations = ComponentSpace.SAML2.Configuration.SAMLConfigurationFile.Load(@"C:\configurationFiles\saml.config");
ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(webRequest, out isInResponseTo, out partnerIdP, out authnContext,
    out userName, out attributes, out relayStateFromMessage);
This returns an exception "There is no HTTP context":
at ComponentSpace.SAML2.Utility.SAML.GetHttpContext()
at ComponentSpace.SAML2.Utility.SAML.GetHttpSessionState()
at ComponentSpace.SAML2.Data.SessionIDDelegates.GetSessionIDFromHttpSessionState()
at ComponentSpace.SAML2.Data.AbstractSSOSessionStore.get_SessionID()
at ComponentSpace.SAML2.Data.AbstractSSOSessionStore.CreateSessionIDForType(Type type)
at ComponentSpace.SAML2.Data.HttpSSOSessionStore.Load(Type type)
at ComponentSpace.SAML2.SAMLController.LoadSAMLConfigurationState()
at ComponentSpace.SAML2.InternalSAMLServiceProvider..ctor()
at ComponentSpace.SAML2.SAMLServiceProvider.ReceiveSSO(HttpRequestBase httpRequest, Boolean& isInResponseTo, String& partnerIdP, String& authnContext, String& userName, IDictionary`2& attributes, String& relayState)
I didn't see anything about the SAMLHttpRequest in the developer guide, but there is some version of it in the DLL (but a lot of things throw NotImplementedException). I'm using a self-hosted application -- so it doesn't have access to HttpContext.Current -- is that required even when using the HttpRequestBase overloads of ReceiveSSO?
Any ideas? Or is this simply not going to work?