We have a multi-tenant application that uses service-provider-initiated SAML authentication. There are multiple SAML identity providers, potentially a different one for each tenant. The URL that initially invokes the application provides the tenant id as a url query parameter. We use that id to lookup the identity provider information, and initiate the SAML flow.
We need to retain the tenant id between the initial entry to the app, and the entry that results from the POST request that contains the SAML assertion. We have been keeping this information in an ASP.Net cookie, but this is unsatisfactory for security reasons, and due to the recent browser changes involving "samesite". Does the ComponentSpace library provide a better means of retaining this information? Perhaps in its own session state - can we add into that?
|