I am using the ITfoxTec SAML library in my .NET Web API project.
I have it working with a SAML Identity Provider testing service called Okta and it's working great.
But now I need to use a corporate SAML Identity Provider that is more complicated.
I am required to send metadata, so I used one of those online SAML metadata generators and got this:
<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     validUntil="2023-02-03T18:10:14Z"
                     cacheDuration="PT604800S"
                     entityID="54ab9813-9546-4630-90eb-f31f69fbe535">
    <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
        <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>
        <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                     Location="https://portal.xyz.com/claims"
                                     index="1" />
    </md:SPSSODescriptor>
</md:EntityDescriptor>
I made the metadata XML file available on my site:
https://portal.xyz.com/public/5001_Saml2.xml
However when I try to connect to the SAML IdP, I get this error in the console:
System.InvalidOperationException occurred HResult=0x80131509 Message=Incorrect Content-Type
The controller my app uses to connect to the IdP is here:
    // Members the action below relies on (assumed to be declared as in the
    // ITfoxtec sample: the injected Saml2Configuration and the RelayState key).
    private readonly Saml2Configuration config;
    const string relayStateReturnUrl = "ReturnUrl";

    [Route("Login")]
    public IActionResult Login(string? returnUrl = null)
    {
        // Carry the return URL through RelayState, then redirect to the IdP with an AuthnRequest.
        var binding = new Saml2RedirectBinding();
        binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
        return binding.Bind(new Saml2AuthnRequest(config)).ToActionResult();
    }
I'm not sure what I'm doing wrong. Does anyone know how to set up metadata like this for ITfoxTec SAML 2.0?
Thanks!
You should let the ITfoxtec Identity SAML library create the online metadata, then it should work.
You can, e.g., find a metadata generation example in the TestWebAppCore sample.
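As an added illustration of the answer's suggestion (this is not the poster's code and not the library's own sample; it is modelled on the TestWebAppCore metadata controller as recalled here, so the route, the `defaultSite` value taken from the question, and the exact property names such as `AuthnRequestsSigned`, `ValidUntil` and `NameIdentifierFormats.Unspecified` are assumptions to check against the installed package version), a controller that serves library-generated SP metadata instead of a hand-written XML file:

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore;
using ITfoxtec.Identity.Saml2.Schemas;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Options;

// Hypothetical controller that publishes SP metadata built from the running
// Saml2Configuration, so the entityID, ACS URL and certificate cannot drift
// from what the application actually uses. The route name is an assumption.
[Route("Metadata")]
public class MetadataController : Controller
{
    private readonly Saml2Configuration config;

    public MetadataController(IOptions<Saml2Configuration> configAccessor)
    {
        config = configAccessor.Value;
    }

    [HttpGet]
    public IActionResult Index()
    {
        // Base URL of this SP; the site from the question is used as the example value.
        var defaultSite = new Uri("https://portal.xyz.com/");

        // EntityDescriptor takes the entityID (config.Issuer) from the configuration.
        var entityDescriptor = new EntityDescriptor(config)
        {
            // Metadata validity, in days (assumed unit, as in the sample).
            ValidUntil = 365,
            SPSsoDescriptor = new SPSsoDescriptor
            {
                // Same flags as the hand-written metadata in the question.
                AuthnRequestsSigned = true,
                WantAssertionsSigned = true,
                // Publishing the signing certificate is what lets the IdP verify
                // signed AuthnRequests; the static file in the question has no
                // KeyDescriptor, so the IdP cannot check the signatures it demands.
                SigningCertificates = new X509Certificate2[] { config.SigningCertificate },
                NameIDFormats = new Uri[] { NameIdentifierFormats.Unspecified },
                AssertionConsumerServices = new AssertionConsumerService[]
                {
                    new AssertionConsumerService
                    {
                        Binding = ProtocolBindings.HttpPost,
                        Location = new Uri(defaultSite, "claims")
                    }
                }
            }
        };

        // Serialises the descriptor and returns it with the SAML metadata content type.
        return new Saml2Metadata(entityDescriptor).CreateMetadata().ToActionResult();
    }
}
```

Point the IdP at the URL this action serves rather than at a static file. Because the descriptor is built from the same `Saml2Configuration` the `Login` action uses, the entityID and signing certificate the IdP sees are the ones the application really signs with, and `ToActionResult()` sets the response content type for you.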