Forums, Documentation & Knowledge Base - ComponentSpace

SAML Multi-Tenancy Applications


https://componentspace.com/forums/Topic51.aspx

By ComponentSpace - 3/12/2014

Multi-tenancy refers to a single application acting as multiple identity providers or service providers.
For the majority of use cases, an application acts as a single identity provider, a single service provider, or, less frequently, as a combined single identity provider and service provider.

However, there may be circumstances where a single application must act as multiple identity providers or service providers.
For example, the following code configures multiple identity providers.


//  Create the configuration for the first tenancy.
SAMLConfiguration samlConfiguration = new SAMLConfiguration();
samlConfiguration.LocalIdentityProviderConfiguration =
    new LocalIdentityProviderConfiguration() {
        Name = "http://localhost/ExampleIdentityProvider",
        LocalCertificateFile = "idp.pfx",
        LocalCertificatePassword = "password"
    };

//  The partner name is the service provider's entity ID; it must match the Issuer
//  the partner sends, and it is distinct from the local identity provider's name.
samlConfiguration.AddPartnerServiceProvider(
    new PartnerServiceProviderConfiguration() {
        Name = "http://localhost/ExampleServiceProvider",
        WantAuthnRequestSigned = false,
        SignSAMLResponse = true,
        SignAssertion = false,
        EncryptAssertion = false,
        AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider/SAML/AssertionConsumerService.aspx",
        SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider/SAML/SLOService.aspx",
        PartnerCertificateFile = "sp.cer"
    });

SAMLController.Configurations["tenantID1"] = samlConfiguration;

//  Create the configuration for the second tenancy.
samlConfiguration = new SAMLConfiguration();
samlConfiguration.LocalIdentityProviderConfiguration =
    new LocalIdentityProviderConfiguration() {
        Name = "http://localhost/ExampleIdentityProvider2",
        LocalCertificateFile = "idp.pfx",
        LocalCertificatePassword = "password"
    };

samlConfiguration.AddPartnerServiceProvider(
    new PartnerServiceProviderConfiguration() {
        Name = "http://localhost/ExampleServiceProvider2",
        WantAuthnRequestSigned = false,
        SignSAMLResponse = true,
        SignAssertion = false,
        EncryptAssertion = false,
        AssertionConsumerServiceUrl = "http://localhost/ExampleServiceProvider2/SAML/AssertionConsumerService.aspx",
        SingleLogoutServiceUrl = "http://localhost/ExampleServiceProvider2/SAML/SLOService.aspx",
        PartnerCertificateFile = "sp.cer"
    });

SAMLController.Configurations["tenantID2"] = samlConfiguration;


The SAMLController.Configurations property maintains a dictionary of SAMLConfiguration objects keyed by configuration ID.
To switch between configurations, specify the configuration ID using the SAMLController.ConfigurationID property.
For example:
 

// Specify the configuration for this tenant
SAMLController.ConfigurationID = "tenantID1";

// Now call the SSO API (not shown) - the tenantID1 configuration will be used.



Typically the ConfigurationID property is set when a user HTTP request is first received.
This means a method is required to identify the appropriate tenancy/SAML configuration to use, but this is application specific.
For example, a query string parameter, different endpoint URLs, or application session data may be used to identify the tenancy.
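As an added example (not ComponentSpace's own code), the following C# resolves the tenant from the incoming request and accepts only an ID that is actually registered, so an unknown or tampered tenant value fails closed instead of silently selecting another tenant's configuration and therefore another tenant's partner certificate. The TenantResolver class, its string inputs and the "tenant" query parameter name are the example's own; SAMLController.Configurations and SAMLController.ConfigurationID are the properties described above, and the example assumes Configurations exposes its keys the way a standard dictionary does.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Added example, not ComponentSpace library code. The request is passed in as plain
// strings so the class compiles without a web framework reference.
public static class TenantResolver
{
    // Only a conservative character set is accepted, so an ID taken from a URL can
    // never carry path or query metacharacters into logging or redirects.
    private static readonly Regex SafeId = new Regex(@"^[A-Za-z0-9_-]{1,64}$");

    // Precedence: host subdomain (tenant1.sso.example.com), then first path segment
    // (/tenant1/SAML/...), then the "tenant" query parameter (assumed name).
    // Returns null when no candidate is registered, so the caller fails closed.
    public static string Resolve(
        string host, string path, IDictionary<string, string> query,
        ICollection<string> registeredIds)
    {
        foreach (string candidate in Candidates(host, path, query))
        {
            if (candidate != null && SafeId.IsMatch(candidate) && registeredIds.Contains(candidate))
                return candidate;
        }
        return null;
    }

    private static IEnumerable<string> Candidates(
        string host, string path, IDictionary<string, string> query)
    {
        // "tenant1.sso.example.com" -> "tenant1"; a two-label host yields nothing.
        if (!string.IsNullOrEmpty(host))
        {
            string[] labels = host.Split('.');
            if (labels.Length > 2) yield return labels[0];
        }
        // "/tenant1/SAML/SSOService.aspx" -> "tenant1"
        if (!string.IsNullOrEmpty(path))
        {
            string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
            if (segments.Length > 0) yield return segments[0];
        }
        string fromQuery;
        if (query != null && query.TryGetValue("tenant", out fromQuery)) yield return fromQuery;
    }

    // Stand-alone demonstration with constructed inputs; in the application the
    // registered IDs would be SAMLController.Configurations.Keys.
    public static void Main()
    {
        var registered = new HashSet<string> { "tenantID1", "tenantID2" };
        var query = new Dictionary<string, string> { { "tenant", "tenantID2" } };

        // Path-based routing wins over the query parameter.
        Console.WriteLine(Resolve("localhost", "/tenantID1/SAML/SSOService.aspx", query, registered));
        // Falls through to the query parameter when host and path carry no tenant.
        Console.WriteLine(Resolve("localhost", "/SAML/SSOService.aspx", query, registered));
        // Unregistered or malformed values are rejected rather than passed through.
        var bad = new Dictionary<string, string> { { "tenant", "../tenantID1" } };
        Console.WriteLine(Resolve("localhost", "/SAML/SSOService.aspx", bad, registered) ?? "(rejected)");
    }
}
```

In the request handler the resolved value, and only that value, is what gets assigned: `SAMLController.ConfigurationID = id;` after a null check that returns an error response rather than falling back to a default tenant. Host- or path-based routing is preferred over the query parameter because the partner service provider's endpoint URLs are fixed in its metadata, whereas a query parameter is freely chosen by whoever sends the request.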

NB. Earlier versions of the API provided access to the SAML configurations dictionary and configuration ID through the SAMLConfiguration class. This has been refactored for consistency and better readability so these are now properties of the SAMLController class.

By ComponentSpace - 1/11/2018

You're welcome.  :)