I am quite new to SSO and SAML. We have an ASP.NET MVC server. We need to make it act as an SSO identity provider, which accepts a SAML request from other service provider websites of ours, lets users log in using email, password and 2FA, then redirects back to the service provider websites with a SAML response/assertion.
Two of the service provider websites are created using DNN CMS, so the way our SSO identity provider works must be industry-standard, so that DNN CMS can work with it.
Questions:
- How to create the SAML request on the service provider side? What tool can I use to create the XML?
- How to encrypt the SAML request? Symmetric or asymmetric? What encryption key to use? Shall it be signed?
- How to send the SAML request to the identity provider? A GET or POST? As query string? What is the query string name?
- How to decrypt the SAML request on the identity provider side? How to verify the signature if it is signed?
- How to create the SAML response/assertion on the identity provider side?
- How to encrypt and sign the response?
- How to send the SAML response back to the service provider? GET or POST? As a query string? What query string name?
- How to decrypt and verify the SAML response on the service provider side?
- How to extract information from the SAML response?
I found the answer.
This document answers all the questions I listed, and the following supplier, www.componentspace.com, is a well-known and reputed SDK that can be used to create both an IdP and an SP.
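As an added example that is not part of the question or the answer above, and not ComponentSpace code: the SP-initiated AuthnRequest carried over the SAML 2.0 HTTP-Redirect binding (the request-building, transport and IdP-side validation parts of the questions), in Python using only the standard library. The entity IDs and URLs are constructed placeholders; the request is left unsigned, so the Signature/SigAlg query parameters and the HTTP-POST Response leg are out of scope here.

```python
# SAML 2.0 HTTP-Redirect binding for an AuthnRequest: SP encodes, IdP decodes and checks.
# Entity IDs and URLs below are constructed placeholders (assumed, not from the post).
import base64, uuid, zlib
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def build_authn_request(sp_entity_id, acs_url, idp_sso_url):
    """SP side: build the AuthnRequest XML; returns (request ID, xml) so the SP can match InResponseTo."""
    req_id = "_" + uuid.uuid4().hex          # xsd:ID must not start with a digit
    issued = datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    xml = (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
           f'ID="{req_id}" Version="2.0" IssueInstant="{issued}" Destination="{idp_sso_url}" '
           f'ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" '
           f'AssertionConsumerServiceURL="{acs_url}">'
           f'<saml:Issuer>{sp_entity_id}</saml:Issuer></samlp:AuthnRequest>')
    return req_id, xml

def redirect_url(idp_sso_url, xml, relay_state="/"):
    """HTTP-Redirect binding: raw DEFLATE (no zlib header) -> base64 -> URL-encoded SAMLRequest parameter."""
    deflater = zlib.compressobj(wbits=-15)   # negative wbits = raw DEFLATE stream
    raw = deflater.compress(xml.encode()) + deflater.flush()
    query = {"SAMLRequest": base64.b64encode(raw).decode(), "RelayState": relay_state}
    return idp_sso_url + "?" + urlencode(query)

def parse_redirect(url, expected_sso_url, known_sps):
    """IdP side: decode the GET query and validate it against IdP-side configuration.
    known_sps maps each registered SP entity ID to its registered ACS URL; the IdP must only
    post the Response to a registered ACS, never to an arbitrary URL taken from the request."""
    qs = parse_qs(urlsplit(url).query)
    raw = base64.b64decode(qs["SAMLRequest"][0])
    root = ET.fromstring(zlib.decompress(raw, -15).decode())   # -15 = raw DEFLATE
    if root.tag != f'{{{NS["samlp"]}}}AuthnRequest':
        raise ValueError("not an AuthnRequest")
    if root.get("Destination") != expected_sso_url:
        raise ValueError("Destination does not match this IdP endpoint")
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer not in known_sps:
        raise ValueError("unknown service provider")
    if root.get("AssertionConsumerServiceURL") != known_sps[issuer]:
        raise ValueError("AssertionConsumerServiceURL is not the registered ACS for this SP")
    return {"id": root.get("ID"), "issuer": issuer, "acs": known_sps[issuer],
            "relay_state": qs.get("RelayState", [""])[0]}
```

The returned `id` is what the IdP later echoes in the Response's `InResponseTo`, and `relay_state` is passed back unchanged so the SP can resume the original navigation.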