IDP Setup


shamveel
New Member

Group: Forum Members
Posts: 5, Visits: 22
I am trying to create a new IDP service and I have a few questions that I couldn't figure out a solution to, though I have gone through the documentation.

a) I want to support only the HTTP-POST binding. ComponentSpace by default supports HTTP-Redirect and HTTP-POST; is there a way to restrict them, so that if an SP tries to connect through Redirect I would throw an exception? I also want my metadata to only show HTTP-POST.
b) Is there any way to inject OrganizationName and NameIdFormat on LocalIdentityProviderConfiguration and expose them through metadata without low-level code?
ComponentSpace
ComponentSpace Development

Group: Administrators
Posts: 3.2K, Visits: 11K
We don't support preventing a SAML authn request being sent using HTTP-Redirect. In your app you could check the request type and only call ReceiveSsoAsync if the request is an HTTP Post.

May I ask why you don't want to support HTTP-Redirect? It's quite commonly used.

As part of the export process, we do support including the Name ID format in the SAML metadata if this is included in the SAML configuration. However, we don't support the organization information as this isn't included in the SAML configuration. You would have to update the SAML metadata separately to include this information. 

Regards
ComponentSpace Development
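
The reply above says organization information has to be added to the exported metadata separately, and the question asks for metadata that shows only HTTP-POST. The following is an added example, not ComponentSpace code and not part of the original posts: a Python post-processing step over an exported IdP metadata document. The sample XML, the `example.test` values and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_SIG = "{http://www.w3.org/2000/09/xmldsig#}Signature"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"
ET.register_namespace("md", MD)

# Constructed sample standing in for an exported IdP metadata file (placeholder values).
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://idp.example.test">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.test/sso"/>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.test/sso"/>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical"><md:EmailAddress>mailto:ops@example.test</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""


def restrict_to_post_and_add_org(metadata_xml, name, display_name, url, lang="en"):
    # Input is your own IdP's export (trusted); do not feed partner-supplied XML here.
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor")
    if root.find(DS_SIG) is not None:
        # Any edit breaks an existing signature: edit the unsigned export, then sign.
        raise ValueError("metadata is already signed")
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    sso = [] if idp is None else idp.findall(f"{{{MD}}}SingleSignOnService")
    if not any(e.get("Binding") == POST for e in sso):
        raise ValueError("no HTTP-POST SingleSignOnService endpoint to keep")
    for e in sso:  # only SSO endpoints are touched; logout endpoints are left alone
        if e.get("Binding") != POST:
            idp.remove(e)
    for old in root.findall(f"{{{MD}}}Organization"):
        root.remove(old)
    org = ET.Element(f"{{{MD}}}Organization")
    # The schema requires all three children, each carrying xml:lang.
    for tag, text in (("OrganizationName", name),
                      ("OrganizationDisplayName", display_name),
                      ("OrganizationURL", url)):
        ET.SubElement(org, f"{{{MD}}}{tag}", {XML_LANG: lang}).text = text
    # Schema order: role descriptors, then Organization, then ContactPerson.
    later = {f"{{{MD}}}ContactPerson", f"{{{MD}}}AdditionalMetadataLocation"}
    pos = next((i for i, c in enumerate(root) if c.tag in later), len(root))
    root.insert(pos, org)
    return ET.tostring(root, encoding="unicode")
```

Metadata that lists only HTTP-POST does not stop an SP from sending a request over HTTP-Redirect, so the request-type check before calling ReceiveSsoAsync described in the reply is still needed.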
shamveel
ComponentSpace - 5/30/2022
> We don't support preventing a SAML authn request being sent using HTTP-Redirect. In your app you could check the request type and only call ReceiveSsoAsync if the request is an HTTP Post.
>
> May I ask why you don't want to support HTTP-Redirect? It's quite commonly used.
>
> As part of the export process, we do support including the Name ID format in the SAML metadata if this is included in the SAML configuration. However, we don't support the organization information as this isn't included in the SAML configuration. You would have to update the SAML metadata separately to include this information.

About HTTP-Redirect, it was an ask from the client to restrict them.
About the NameId format, I couldn't find any property under 'LocalIdentityProviderConfiguration' to set the value. Can you help point me at the right documentation?
ComponentSpace
Thanks for the information.

The NameIDFormat is under the PartnerServiceProviderConfiguration as it can vary from partner SP to partner SP.

Regards
ComponentSpace Development
shamveel
ComponentSpace - 5/30/2022
> Thanks for the information.
>
> The NameIDFormat is under the PartnerServiceProviderConfiguration as it can vary from partner SP to partner SP.

I agree it varies from SP to SP, but the OASIS metadata definition also has provision for NameIdFormat, and you think we don't have a good way to configure them within LocalIdentityProviderConfiguration?

Here is the reference: SAML MD simplified overview.pdf (oasis-open.org), page 4.
ComponentSpace
When you call ConfigurationToMetadata.ExportAsync, if you specify an optional partnerName parameter, it will include whatever partner-specific information should be included in the metadata.

So, if you specify the partner SP name and this PartnerServiceProviderConfiguration has a NameIDFormat, this will be included in the generated IdP metadata.

Regards
ComponentSpace Development
shamveel
ComponentSpace - 5/31/2022
> When you call ConfigurationToMetadata.ExportAsync, if you specify an optional partnerName parameter, it will include whatever partner-specific information should be included in the metadata.
>
> So, if you specify the partner SP name and this PartnerServiceProviderConfiguration has a NameIDFormat, this will be included in the generated IdP metadata.

That makes sense. Thank you, and I really appreciate your quick response :)


ComponentSpace
You're very welcome.

Regards
ComponentSpace Development