When the IdP sends a SAML response to the SP the following occurs. 1. IdP returns to the browser an HTTP response containing an HTML form and some JavaScript to automatically submit the form to the SP. 2. Browser executes the JavaScript and sends an HTTP Post with the SAML response as the post data to the SP. 3. SP receives the HTTP Post request containing the SAML response. Did you want to include additional headers in the HTTP request to the SP? If so, what type of information do you wish to include? The standard way for sending information to the SP is to include SAML attributes in the SAML assertion. Could the information be sent as SAML attributes rather than as HTTP headers? You can store the SAML configuration including the certificates in a custom database rather than in the appsettings.json. Please refer to our Configuration Guide which describes either specifying configuration programmatically or implementing the ISamlConfigurationResolver interface. https://www.componentspace.com/Forums/8234/Configuration-Guide
Regards ComponentSpace Development
|