ComponentSpace

Forums



Carry-along data


Carry-along data

Author
Message
leotohill
leotohill
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 3
We have a multi-tenant application that uses service-provider-initiated SAML authentication. There are multiple
SAML identity providers, potentially a different one for each tenant. The URL that initially invokes the application
provides the tenant id as a url query parameter. We use that id to lookup the identity provider information, and
initiate the SAML flow.

We need to retain the tenant id between the initial entry to the app, and the entry that results from the POST request
that contains the SAML assertion. We have been keeping this information in an ASP.Net cookie, but this is unsatisfactory
for security reasons, and due to the recent browser changes involving "samesite". Does the ComponentSpace library provide
a better means of retaining this information?  Perhaps in its own session state - can we add into that?



ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The SAMLController.ConfigurationID is saved to the SAML session state that we maintain.

For SP-initiated SSO, there's no need to set this property when receiving the SAML response as it was saved when the SAML authn request was sent.

Regards
ComponentSpace Development
leotohill
leotohill
New Member
New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)New Member (3 reputation)

Group: Forum Members
Posts: 2, Visits: 3
ComponentSpace - 6/22/2020
The SAMLController.ConfigurationID is saved to the SAML session state that we maintain.

For SP-initiated SSO, there's no need to set this property when receiving the SAML response as it was saved when the SAML authn request was sent.

Thanks for the response.  I'm trying to connect the dots.

When I build my configuration dynamically using ISamlConfigurationResolver, does it still have a ConfigurationID that I specify?

When authentication is complete, how do I determine which ConfigurationId was used?  I'm not seeing it in ReceiveSSO.


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
When your implementation of ISamlConfigurationResolver is called, the configurationID parameter to the various methods is set to the configuration ID you'd previously specified through the SAMLController.ConfigurationID property.

You can also access the configuration ID through the SAMLController.ConfigurationID property. You can do this at the time of calling ReceiveSSO to determine what configuration ID was used.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search