ComponentSpace

Forums



New to this, having a problem with certs


axufuris
Hi there, please bear with me as I am new to SSO and IdPs. We have used ComponentSpace for some of our older applications in .NET. We are moving to .NET Core, and I am trying to implement a proof of concept of it to sell to our leaders. We use WSO2 server as a Service Provider. It has a login page. Our apps initiate logging when a person is not logged into the application by sending them to that login page, having them log in and receiving a response back from WSO2 server with the details. In the old version we were not using any certificates in our .NET application. So, I'm a little confused by what certificate I actually need, and if this is necessary to have in the .NET application? I'm including my SAML Configuration. I hope someone can help us get this set up.

"SAML": {
  "$schema": "https://www.componentspace.com/schemas/saml-config-schema-v1.0.json",
  "Configurations": [
    {
      "LocalServiceProviderConfiguration": {
        "Name": "SRM",
        "Description": "SSO Provider.",
        "AssertionConsumerServiceUrl": "https://localhost:44388/Home/AssertionConsumerService"
      },
      "PartnerIdentityProviderConfiguration": {
        "Name": "https://{WSO2 Server Address}/samlsso",
        "Description": "SSO Provider.",
        "WantAuthnRequestSigned": false,
        "SignSamlResponse": false,
        "SingleSignOnServiceUrl": "https://{WSO2 Server Address}:443/samlsso",
        "SingleLogoutServiceUrl": "https://{WSO2 Server Address}:443/samlsso"
      }
    }
  ]
}

ComponentSpace
You will need to specify a certificate in the PartnerIdentityProviderConfiguration.
The SAML response or assertion sent back to your application by WSO2 will be signed.
The PartnerIdentityProviderConfiguration certificate is used to verify the signature.
The LocalServiceProviderConfiguration certificate is only required if the SAML authn request being sent to WSO2 is to be signed or if SAML assertions are to be encrypted.
Typically SAML assertions aren't encrypted.
If your current .NET implementation doesn't require a local SP certificate (i.e. PFX) file then WSO2 doesn't require the authn request to be signed.
Therefore you shouldn't need a LocalServiceProviderConfiguration certificate.
If you have the SAML metadata for WSO2 you can use our ImportMetadata tool to update your SAML configuration. This will include extracting the PartnerIdentityProviderConfiguration certificate.

Regards
ComponentSpace Development