sustainsys-saml2

Owin - Initialize IdP using metadata file/url


I want to use Owin-based SAML2 authentication without "hardcoding" any data. I have a metadata file from the IdP owner. Is there any way to just load this file (or point to a URL with the metadata) and let the provider initialize itself?

public void ConfigureAuth(IAppBuilder app)
{
    ...

    app.UseSaml2Authentication(CreateSaml2Options());
}

private static Saml2AuthenticationOptions CreateSaml2Options()
{
    var spOptions = CreateSpOptions();
    var saml2Options = new Saml2AuthenticationOptions(false)
    {
        SPOptions = spOptions
    };

    // Both XXXXXXXXX placeholders are values taken from the IdP's metadata.
    var idp = new IdentityProvider(new EntityId("XXXXXXXXX"), spOptions)
    {
        AllowUnsolicitedAuthnResponse = true,
        Binding = Saml2BindingType.HttpPost,
        SingleSignOnServiceUrl = new Uri("XXXXXXXXX")
    };

    saml2Options.IdentityProviders.Add(idp);

    return saml2Options;
}

How do I get the XXXXXXXXX values from the metadata?


Solution

  • The XXX is the EntityId; it is listed at the top of the metadata. Consider e.g. this metadata excerpt from stubidp.sustainsys.com:

    <EntityDescriptor xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
                      xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                      ID="_a1f8bba0-9d9f-4107-bbed-b61cd3d9c67f"
                      entityID="https://stubidp.sustainsys.com/Metadata" cacheDuration="PT15M"
                      validUntil="2018-12-19T18:51:08Z">
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
          <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>

    The XXX value you are looking for is the entityID attribute. In this case it is https://stubidp.sustainsys.com/Metadata.

    In the current version of the library, it is unfortunately not possible to get the EntityID from the metadata. I'm planning to fix that in a future version, but it requires quite a lot of work. The reason is that the EntityID is the key in a dictionary, and things would get very confusing if it were lazily initialized or changed later.
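Since the library cannot read the EntityId for you, a small reader that pulls the entityID attribute out of the metadata document is one way to avoid hardcoding it. The following is an added example, not code from the question or from the Sustainsys library; the class and method names are my own, and it assumes the metadata is a single EntityDescriptor document reachable by file path or URL (which is what XmlReader.Create accepts).

```csharp
using System;
using System.Globalization;
using System.Xml;

// Added example: extracts the entityID from a SAML2 metadata document so it can be
// passed to new EntityId(...) instead of being hardcoded. Class and method names
// are hypothetical, not part of the library.
public static class IdpMetadataReader
{
    private const string MetadataNs = "urn:oasis:names:tc:SAML:2.0:metadata";

    // Returns the entityID of the root EntityDescriptor, or throws if the document
    // is not a single-entity SAML2 metadata document or has already expired.
    public static string ReadEntityId(string metadataPathOrUrl)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // metadata never needs a DTD; blocks XXE
            XmlResolver = null                      // no external entity/schema fetches
        };

        using (var reader = XmlReader.Create(metadataPathOrUrl, settings))
        {
            reader.MoveToContent(); // skips the XML declaration and comments to the root element

            if (reader.NodeType != XmlNodeType.Element
                || reader.LocalName != "EntityDescriptor"
                || reader.NamespaceURI != MetadataNs)
            {
                throw new InvalidOperationException(
                    "Root element is not a SAML2 metadata EntityDescriptor.");
            }

            var entityId = reader.GetAttribute("entityID");
            if (string.IsNullOrWhiteSpace(entityId))
            {
                throw new InvalidOperationException("EntityDescriptor has no entityID attribute.");
            }

            // validUntil is optional; when present, refuse metadata that is already stale.
            var validUntil = reader.GetAttribute("validUntil");
            if (validUntil != null
                && DateTime.Parse(validUntil, CultureInfo.InvariantCulture,
                                  DateTimeStyles.RoundtripKind) < DateTime.UtcNow)
            {
                throw new InvalidOperationException("Metadata validUntil has passed: " + validUntil);
            }

            return entityId;
        }
    }
}
```

In CreateSaml2Options the first placeholder then becomes `new EntityId(IdpMetadataReader.ReadEntityId(pathOrUrl))`; for the excerpt above the method returns https://stubidp.sustainsys.com/Metadata (and, given its 2018 validUntil, throws).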