### Configure SAML2 with IdP Metadata Source: https://www.itfoxtec.com/IdentitySaml2 Configure SAML2 services in Startup.cs using Identity Provider metadata. Ensure the IdPSsoDescriptor is loaded correctly from the metadata URL. ```csharp services.Configure(Configuration.GetSection("Saml2")); services.Configure(saml2Configuration => { saml2Configuration.SigningCertificate = CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath( Configuration["Saml2:SigningCertificateFile"])), Configuration["Saml2:SigningCertificatePassword"]); saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer); var entityDescriptor = new EntityDescriptor(); entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"])); if (entityDescriptor.IdPSsoDescriptor != null) { saml2Configuration.SingleSignOnDestination = entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location; saml2Configuration.SingleLogoutDestination = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.First().Location; saml2Configuration.SignatureValidationCertificates.AddRange(entityDescriptor.IdPSsoDescriptor.SigningCertificates); } else { throw new Exception("IdPSsoDescriptor not loaded from metadata."); } }); services.AddSaml2(); ``` -------------------------------- ### Configure SAML2 without Metadata Source: https://www.itfoxtec.com/IdentitySaml2 Configure SAML2 services in Startup.cs without relying on IdP metadata. Manually specify the signature validation certificate. ```csharp services.Configure(Configuration.GetSection("Saml2")); services.Configure(saml2Configuration => { saml2Configuration.SigningCertificate = CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath( Configuration["Saml2:SigningCertificateFile"])), Configuration["Saml2:SigningCertificatePassword"]); saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer); saml2Configuration.SignatureValidationCertificates.Add(CertificateUtil.Load(AppEnvironment.MapToPhysicalFilePath( Configuration["Saml2:SignatureValidationCertificateFile"]))); }); services.AddSaml2(); ``` -------------------------------- ### Login Method Source: https://www.itfoxtec.com/IdentitySaml2 Initiates the SAML2 login process by creating and binding a SAML2 authentication request. ```APIDOC ## POST /Login ### Description Initiates the SAML2 login process. ### Method POST ### Endpoint /Login ### Parameters #### Query Parameters - **returnUrl** (string) - Optional - The URL to redirect to after login. ``` -------------------------------- ### AssertionConsumerService Method Source: https://www.itfoxtec.com/IdentitySaml2 Handles the SAML2 response after a user attempts to log in, creating a session and redirecting the user. ```APIDOC ## POST /AssertionConsumerService ### Description Receives and processes the SAML2 authentication response from the Identity Provider. ### Method POST ### Endpoint /AssertionConsumerService ### Parameters #### Request Body - **Saml2AuthnResponse** (object) - Required - The SAML2 authentication response object. ``` -------------------------------- ### SAML2 Login Action Source: https://www.itfoxtec.com/IdentitySaml2 Handles SAML2 login requests in the Auth Controller. It prepares a SAML2 authentication request and redirects the user to the Identity Provider. ```csharp [Route("Login")] public IActionResult Login(string returnUrl = null) { var binding = new Saml2RedirectBinding(); binding.SetRelayStateQuery(new Dictionary { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } }); return binding.Bind(new Saml2AuthnRequest(config)).ToActionResult(); } ``` -------------------------------- ### LoggedOut Method Source: https://www.itfoxtec.com/IdentitySaml2 Handles the SAML2 response after a logout attempt, redirecting the user to the home page. ```APIDOC ## GET /LoggedOut ### Description Receives the SAML2 logout response and redirects the user. ### Method GET ### Endpoint /LoggedOut ``` -------------------------------- ### Logout Method Source: https://www.itfoxtec.com/IdentitySaml2 Handles the SAML2 logout process for an authenticated user. ```APIDOC ## POST /Logout ### Description Initiates the SAML2 logout process for the currently authenticated user. ### Method POST ### Endpoint /Logout ### Parameters #### Request Body - **Saml2LogoutRequest** (object) - Required - The SAML2 logout request object. ``` -------------------------------- ### SAML2 LoggedOut Action Source: https://www.itfoxtec.com/IdentitySaml2 Handles the SAML2 logout response after the user has been logged out. It unbinds the logout response and redirects the user to the home page. ```csharp [Route("LoggedOut")] public IActionResult LoggedOut() { var httpRequest = Request.ToGenericHttpRequest(validate: true); httpRequest.Binding.Unbind(httpRequest, new Saml2LogoutResponse(config)); return Redirect(Url.Content("~/")); } ``` -------------------------------- ### SingleLogout Method Source: https://www.itfoxtec.com/IdentitySaml2 Receives a Single Logout request from an Identity Provider and sends a corresponding response. ```APIDOC ## POST /SingleLogout ### Description Handles Single Logout requests from the Identity Provider and sends a logout response. ### Method POST ### Endpoint /SingleLogout ### Parameters #### Request Body - **Saml2LogoutRequest** (object) - Required - The SAML2 logout request object. ``` -------------------------------- ### SAML2 Logout Action Source: https://www.itfoxtec.com/IdentitySaml2 Initiates the SAML2 logout process for an authenticated user. It invalidates the local session and sends a logout request to the Identity Provider. ```csharp [HttpPost("Logout")] [ValidateAntiForgeryToken] public async Task Logout() { if (!User.Identity.IsAuthenticated) { return Redirect(Url.Content("~/")); } var binding = new Saml2PostBinding(); var saml2LogoutRequest = await new Saml2LogoutRequest(config, User).DeleteSession(HttpContext); return binding.Bind(saml2LogoutRequest).ToActionResult(); } ``` -------------------------------- ### SAML2 Assertion Consumer Service (ACS) Action Source: https://www.itfoxtec.com/IdentitySaml2 Receives SAML2 responses after login. It processes the response, creates a session, and redirects the user to the appropriate return URL. ```csharp [Route("AssertionConsumerService")] public async Task AssertionConsumerService() { var httpRequest = Request.ToGenericHttpRequest(validate: true); var saml2AuthnResponse = new Saml2AuthnResponse(config); httpRequest.Binding.Unbind(httpRequest, saml2AuthnResponse); await saml2AuthnResponse.CreateSession(HttpContext, ClaimsTransform: (claimsPrincipal) => ClaimsTransform.Transform(claimsPrincipal)); var returnUrl = httpRequest.Binding.GetRelayStateQuery()[relayStateReturnUrl]; return Redirect(string.IsNullOrWhiteSpace(returnUrl) ? Url.Content("~/") : returnUrl); } ``` -------------------------------- ### SAML2 SingleLogout Action Source: https://www.itfoxtec.com/IdentitySaml2 Receives and processes SAML2 Single Logout requests. It invalidates the user's session and sends a logout response back to the Identity Provider. ```csharp [Route("SingleLogout")] public async Task SingleLogout() { Saml2StatusCodes status; var httpRequest = Request.ToGenericHttpRequest(validate: true); var logoutRequest = new Saml2LogoutRequest(config, User); try { httpRequest.Binding.Unbind(httpRequest, logoutRequest); status = Saml2StatusCodes.Success; await logoutRequest.DeleteSession(HttpContext); } catch (Exception exc) { // log exception Debug.WriteLine("SingleLogout error: " + exc.ToString()); status = Saml2StatusCodes.RequestDenied; } var responseBinding = new Saml2PostBinding(); responseBinding.RelayState = httpRequest.Binding.RelayState; var saml2LogoutResponse = new Saml2LogoutResponse(config) { InResponseToAsString = logoutRequest.IdAsString, Status = status, }; return responseBinding.Bind(saml2LogoutResponse).ToActionResult(); } ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.