Tags: c#-4.0, single-sign-on, saml-2.0, adfs3.0, component-space

Creating SAML 2.0 Response with C# and .NET 4.5 in IDP Initiated web SSO


I am doing web SSO integration (IdP-initiated flow) for our web app (a CRM portal), in which users log in with AD credentials and access resources on a Service Provider (SP) by passing in our customer details. Our server is on Windows 2012 R2 (ADFS 3.0). Can I have the SP post the SAML request to a Web API (4.6, C#), create the SAML 2.0 Response using third-party assemblies (ComponentSpace), and send it to the SP after digitally signing and encrypting the assertion, rather than relying on ADFS 3.0 to generate the SAML 2.0 Response? Our SP wants some custom attributes added to the SAML response, and the claim info resides in a SQL Server database. Do you see any security problem with generating the SAML response manually (inside the Web API) rather than relying on ADFS 3.0? The reasoning behind manually creating the SAML response is that working with ADFS 3.0 is complex and our support team is too busy to look at our support tickets.


Solution

  • After getting in touch with ComponentSpace support, it turns out that I don't have to use ADFS to create the SAML response. All I have to do is get the claim details from the SQL Server database and pass them on to their SAMLIdentityProvider.InitiateSSO() as described on their forum.

    Update: Use of the ComponentSpace library was not an option because of the organizational delays associated with getting the approval, and I ended up creating the SAML response manually, thanks to this GitHub repo.
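The following is an added example, written for this page; it is not code from the question, from ComponentSpace, or from the GitHub repo the update links to. It shows the shape of a hand-built IdP-initiated SAML 2.0 Response in plain .NET (System.Xml plus System.Security.Cryptography.Xml, no third-party assembly): a Response wrapping one Assertion that carries custom attributes, with the Assertion signed with RSA-SHA256 and an enveloped signature. The issuer, audience, ACS URL, NameID and attribute values are hypothetical parameters; in the scenario above they would come from the authenticated AD user and the SQL Server lookup. The parts that make the assertion safe for an SP to accept are the ones ADFS would otherwise supply for you: a short validity window, an AudienceRestriction naming the SP, a Recipient bound to the SP's ACS URL, unique NCName-style IDs, and a signature over the whole Assertion.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

// Added example, not from the original post. Builds a minimal SAML 2.0 Response
// containing one signed Assertion with custom attributes. Hypothetical inputs.
public static class SamlResponseBuilder
{
    const string SamlNs  = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string SamlpNs = "urn:oasis:names:tc:SAML:2.0:protocol";
    // Full URIs so this compiles on .NET Framework 4.6 (the named constants for
    // RSA-SHA256/SHA-256 appeared in 4.6.2); RSA-SHA256 signing itself needs 4.6.2+.
    const string RsaSha256Url = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    const string Sha256Url    = "http://www.w3.org/2001/04/xmlenc#sha256";

    public static XmlDocument Build(string issuer, string audience, string acsUrl,
        string nameId, IDictionary<string, string> attributes, X509Certificate2 signingCert)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        DateTime now = DateTime.UtcNow;
        // SAML IDs must be NCNames: a GUID can start with a digit, so prefix "_".
        string responseId  = "_" + Guid.NewGuid().ToString("N");
        string assertionId = "_" + Guid.NewGuid().ToString("N");
        Func<DateTime, string> ts = t => t.ToString("yyyy-MM-dd'T'HH:mm:ss'Z'");

        XmlElement response = doc.CreateElement("samlp", "Response", SamlpNs);
        response.SetAttribute("ID", responseId);
        response.SetAttribute("Version", "2.0");
        response.SetAttribute("IssueInstant", ts(now));
        response.SetAttribute("Destination", acsUrl);
        doc.AppendChild(response);
        AppendText(response, "saml", "Issuer", SamlNs, issuer);

        XmlElement status = doc.CreateElement("samlp", "Status", SamlpNs);
        XmlElement statusCode = doc.CreateElement("samlp", "StatusCode", SamlpNs);
        statusCode.SetAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        status.AppendChild(statusCode);
        response.AppendChild(status);

        XmlElement assertion = doc.CreateElement("saml", "Assertion", SamlNs);
        assertion.SetAttribute("ID", assertionId);
        assertion.SetAttribute("Version", "2.0");
        assertion.SetAttribute("IssueInstant", ts(now));
        response.AppendChild(assertion);
        AppendText(assertion, "saml", "Issuer", SamlNs, issuer);

        // Bearer subject: the SP must check Recipient and NotOnOrAfter before trusting it.
        XmlElement subject = doc.CreateElement("saml", "Subject", SamlNs);
        XmlElement nameIdEl = AppendText(subject, "saml", "NameID", SamlNs, nameId);
        nameIdEl.SetAttribute("Format", "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");
        XmlElement conf = doc.CreateElement("saml", "SubjectConfirmation", SamlNs);
        conf.SetAttribute("Method", "urn:oasis:names:tc:SAML:2.0:cm:bearer");
        XmlElement confData = doc.CreateElement("saml", "SubjectConfirmationData", SamlNs);
        confData.SetAttribute("NotOnOrAfter", ts(now.AddMinutes(5)));
        confData.SetAttribute("Recipient", acsUrl);
        conf.AppendChild(confData);
        subject.AppendChild(conf);
        assertion.AppendChild(subject);

        // Short validity window (small skew allowance) and audience restriction to the SP.
        XmlElement conditions = doc.CreateElement("saml", "Conditions", SamlNs);
        conditions.SetAttribute("NotBefore", ts(now.AddMinutes(-2)));
        conditions.SetAttribute("NotOnOrAfter", ts(now.AddMinutes(5)));
        XmlElement audRestr = doc.CreateElement("saml", "AudienceRestriction", SamlNs);
        AppendText(audRestr, "saml", "Audience", SamlNs, audience);
        conditions.AppendChild(audRestr);
        assertion.AppendChild(conditions);

        XmlElement authn = doc.CreateElement("saml", "AuthnStatement", SamlNs);
        authn.SetAttribute("AuthnInstant", ts(now));
        XmlElement ctx = doc.CreateElement("saml", "AuthnContext", SamlNs);
        AppendText(ctx, "saml", "AuthnContextClassRef", SamlNs,
            "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport");
        authn.AppendChild(ctx);
        assertion.AppendChild(authn);

        // Custom attributes (in the question these would be read from SQL Server).
        XmlElement attrStmt = doc.CreateElement("saml", "AttributeStatement", SamlNs);
        foreach (KeyValuePair<string, string> kv in attributes)
        {
            XmlElement attr = doc.CreateElement("saml", "Attribute", SamlNs);
            attr.SetAttribute("Name", kv.Key);
            AppendText(attr, "saml", "AttributeValue", SamlNs, kv.Value);
            attrStmt.AppendChild(attr);
        }
        assertion.AppendChild(attrStmt);

        SignAssertion(doc, assertion, assertionId, signingCert);
        return doc;
    }

    // InnerText escapes '<', '&' etc., so attribute values from the database cannot inject XML.
    static XmlElement AppendText(XmlElement parent, string prefix, string name, string ns, string text)
    {
        XmlElement el = parent.OwnerDocument.CreateElement(prefix, name, ns);
        el.InnerText = text;
        parent.AppendChild(el);
        return el;
    }

    // Enveloped XML-DSig over the Assertion (reference "#ID", exclusive C14N, RSA-SHA256).
    static void SignAssertion(XmlDocument doc, XmlElement assertion, string assertionId, X509Certificate2 cert)
    {
        var signedXml = new SignedXml(assertion) { SigningKey = cert.GetRSAPrivateKey() };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = RsaSha256Url;
        var reference = new Reference("#" + assertionId) { DigestMethod = Sha256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        var keyInfo = new KeyInfo();
        keyInfo.AddClause(new KeyInfoX509Data(cert));
        signedXml.KeyInfo = keyInfo;
        signedXml.ComputeSignature();
        // The SAML schema places ds:Signature directly after saml:Issuer.
        XmlNode sig = doc.ImportNode(signedXml.GetXml(), true);
        assertion.InsertAfter(sig, assertion.FirstChild);
    }
}
```

To deliver it, base64-encode `doc.OuterXml` and auto-post it as the `SAMLResponse` form field to the SP's ACS URL. Two things the example deliberately leaves to the caller: the Web API endpoint that builds the response must only do so for a user it has itself authenticated (once you stop using ADFS, that endpoint is the identity provider, and anyone who can reach it with an arbitrary NameID can mint logins), and the signing certificate's private key should live in a machine store or HSM rather than a file next to the service. If the SP also requires an encrypted assertion, as the question mentions, the same namespace's `EncryptedXml` class can wrap the signed `saml:Assertion` in an `saml:EncryptedAssertion` with an AES content key encrypted to the SP's public certificate; sign first, then encrypt, so the SP verifies the signature on the decrypted assertion.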