1

I am trying to integrate Azure AD SSO with the Sustainsys Saml2 library. I have created an Enterprise application in Azure. When I click on Test single sign-on, the authentication is successful and I am redirected to the LoginCallback method where I have to parse the response, but it is not clear how to do this using Sustainsys.Saml2.

The second issue I have is that no matter where the RedirectUri is set up, the application (not the Azure dashboard) after the successful login always redirects to https://localhost:44354/Saml2/Acs instead of https://localhost:44354/Account/LoginCallback.

I have tried to follow the .NET Core sample in the library repo, but it utilizes ASP.NET Identity, which I am trying to avoid. Therefore I have created a plain ASP.NET Core 2.2 MVC web application and added the Sustainsys.Saml2.AspNetCore2 2.3.0 package via NuGet. In Startup.cs I defined the following configuration:

    // Namespaces needed by this fragment (Startup.ConfigureServices)
    using System;
    using Sustainsys.Saml2;
    using Sustainsys.Saml2.AspNetCore2;
    using Sustainsys.Saml2.Metadata;

    services.AddAuthentication()
        .AddSaml2(Saml2Defaults.Scheme, options =>
        {
            // Must match the Identifier (Entity ID) of the Azure enterprise application
            options.SPOptions.EntityId = new EntityId("IDName");
            // Always gets ignored and set as Saml2/Acs
            options.SPOptions.ReturnUrl = new Uri($"https://localhost:44364/Account/LoginCallback");
            options.IdentityProviders.Add(
                new IdentityProvider(
                    new EntityId("https://sts.windows.net/aaaaaaaaaaaaaaa/"), options.SPOptions)
                {
                    // Signing keys and endpoints are read from the Azure federation metadata
                    LoadMetadata = true,
                    MetadataLocation = "https://login.microsoftonline.com/aaaaaaaaa/federationmetadata/2007-06/federationmetadata.xml?appid=xxxxxxxxxxxxxxx",
                });

            //options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));
        });

Next, I have created an Account controller with two methods:

    // Namespaces needed by the controller
    using System.Threading.Tasks;
    using Microsoft.AspNetCore.Authentication;
    using Microsoft.AspNetCore.Authorization;
    using Microsoft.AspNetCore.Mvc;
    using Sustainsys.Saml2.AspNetCore2;

    [HttpGet("Login")]
    [AllowAnonymous]
    public IActionResult Login(string returnUrl)
    {
        // Challenge the SAML2 scheme; the handler redirects the browser to Azure AD
        return new ChallengeResult(
            Saml2Defaults.Scheme,
            new AuthenticationProperties
            {
                // It looks like this parameter is ignored, so I set ReturnUrl in Startup.cs
                //RedirectUri = Url.Action(nameof(LoginCallback), "Account", new { returnUrl })
            });
    }

    [HttpPost]
    [AllowAnonymous]
    public async Task<IActionResult> LoginCallback(string returnUrl)
    {
        // How do I parse the (SAML) response from the body?

        return RedirectToAction("Index", "Home");
    }

Any help would be appreciated.

Jim
  • 2,760
  • 8
  • 42
  • 66

1 Answer

1

Regarding the second part of your question, if you are still struggling, you want to do something like what is shown in the first code block here:

AuthenticateResult.Succeeded is false with Okta and Sustainsys.SAML2

JRS
  • 569
  • 9
  • 26
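The following is an added example, not code from the question, the answer, or the Sustainsys project, showing the shape of configuration the linked answer is about: a cookie scheme for the SAML2 handler to sign in to, and a callback that reads the already-validated identity instead of parsing the SAML response by hand. It assumes Sustainsys.Saml2.AspNetCore2 2.3.0 on ASP.NET Core 2.2, that the handler honours `AuthenticationProperties.RedirectUri` with `SPOptions.ReturnUrl` as the fallback, and that it redirects the browser (GET) after consuming the POST at /Saml2/Acs; the host, port, tenant id and appid placeholders are copied from the question and are illustrative only. The security point: the library, not your controller, consumes the IdP's POST at /Saml2/Acs and checks the XML signature against the keys loaded from the federation metadata, so the Azure "Reply URL" must be that ACS address and the callback must never read assertions out of the request body itself.

```csharp
// Added example (assumed configuration), not the original post's or the library's own code.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.DependencyInjection;
using Sustainsys.Saml2;
using Sustainsys.Saml2.AspNetCore2;
using Sustainsys.Saml2.Metadata;

public static class Saml2Startup
{
    // Call from Startup.ConfigureServices (hypothetical helper name)
    public static void ConfigureAuthentication(IServiceCollection services)
    {
        services.AddAuthentication(o =>
            {
                // The SAML2 handler is a remote handler: it cannot hold a session itself,
                // it signs the user in to a cookie scheme once the response has been validated.
                o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                o.DefaultChallengeScheme = Saml2Defaults.Scheme;
            })
            .AddCookie()
            .AddSaml2(Saml2Defaults.Scheme, options =>
            {
                options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;

                // Must equal the Identifier (Entity ID) set on the Azure enterprise application.
                options.SPOptions.EntityId = new EntityId("IDName");

                // Fallback landing page after a successful ACS round-trip. Azure still posts the
                // response to https://localhost:44354/Saml2/Acs (register that as the Reply URL).
                options.SPOptions.ReturnUrl = new Uri("https://localhost:44354/Account/LoginCallback");

                options.IdentityProviders.Add(
                    new IdentityProvider(
                        new EntityId("https://sts.windows.net/aaaaaaaaaaaaaaa/"), options.SPOptions)
                    {
                        // Signing certificates and SSO endpoint come from the metadata document,
                        // so the signature on every response is checked against Azure's keys.
                        LoadMetadata = true,
                        MetadataLocation = "https://login.microsoftonline.com/aaaaaaaaa/federationmetadata/2007-06/federationmetadata.xml?appid=xxxxxxxxxxxxxxx",
                    });
            });
    }
}

public class AccountController : Controller
{
    [HttpGet("Login")]
    [AllowAnonymous]
    public IActionResult Login(string returnUrl)
    {
        // Only allow relative targets: returnUrl is attacker-controlled input.
        var safeReturnUrl = Url.IsLocalUrl(returnUrl) ? returnUrl : "/";

        // RedirectUri is where the browser is sent after the handler has finished at /Saml2/Acs;
        // it does not replace the ACS endpoint. (Assumed to be honoured; ReturnUrl above is the fallback.)
        return Challenge(
            new AuthenticationProperties
            {
                RedirectUri = Url.Action(nameof(LoginCallback), "Account", new { returnUrl = safeReturnUrl })
            },
            Saml2Defaults.Scheme);
    }

    // Reached by a redirect (GET) after the library has validated the response and issued the cookie.
    [HttpGet("LoginCallback")]
    [AllowAnonymous]
    public async Task<IActionResult> LoginCallback(string returnUrl)
    {
        // Do not re-parse the SAML response here: the cookie principal is the validated result.
        var result = await HttpContext.AuthenticateAsync(CookieAuthenticationDefaults.AuthenticationScheme);
        if (!result.Succeeded)
        {
            return Forbid();
        }

        // The library maps the assertion's NameID to ClaimTypes.NameIdentifier.
        var nameId = result.Principal.FindFirst(ClaimTypes.NameIdentifier)?.Value;
        if (string.IsNullOrEmpty(nameId))
        {
            return Forbid();
        }

        return Redirect(Url.IsLocalUrl(returnUrl) ? returnUrl : Url.Action("Index", "Home"));
    }
}
```

Two checks before blaming the library: confirm the Azure application's Identifier equals `SPOptions.EntityId` and its Reply URL is the /Saml2/Acs address (a mismatch is rejected during validation, and the browser stops on the ACS URL), and confirm the callback action accepts GET, since a POST-only route will not match the redirect the handler issues after the ACS step.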