jkmu / Saml2.authentication.core

Licence: mpl-2.0
A SAML 2.0 middleware for ASP.NET Core


Saml2.Authentication.Core

A SAML 2.0 authentication middleware for ASP.NET Core

This project is a fork of the OIOSAML.Net implementation of the SAML 2.0 framework from digitaliser.dk. It has been ported to ASP.NET Core, with all dependencies on classic ASP.NET removed.

Available on nuget.org

Features

Supports the following SAML 2.0 features of the Web Browser SSO and Single Logout profiles:

  • [x] HTTP Redirect Binding
    SP Redirect Request; IdP POST/Redirect Response
  • [x] HTTP Artifact Binding
    SP Redirect Request; IdP Redirect Artifact Response
  • [x] SP-Initiated Single Logout with Multiple SPs
  • [ ] HTTP POST Binding
  • [ ] IDP-Initiated Single Logout

Configuration

Startup

  // This method gets called by the runtime. Use this method to add services to the container.
  public void ConfigureServices(IServiceCollection services)
  {
      // Replaces Identity's default claims principal factory so that the SAML SessionIndex and
      // Subject claims are copied into the application cookie (see ClaimsPrincipalFactory below).
      services.AddScoped<IUserClaimsPrincipalFactory<ApplicationUser>, DemoWebAppClaimsPrincipalFactory>();
      services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));

      services.AddSaml();

      // Option A: single idp
      services.AddAuthentication()
          .AddCookie("saml2.cookies", options =>
          {
              options.Cookie.HttpOnly = true;
              // The idp returns the SAML response cross-site, so the cookie must be SameSite=None.
              // Browsers only accept SameSite=None cookies that are also Secure, so the policy
              // must be Always rather than SameAsRequest.
              options.Cookie.SameSite = SameSiteMode.None;
              options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
          })
          .AddSaml("saml2", "saml2", options =>
          {
              options.SignInScheme = "saml2.cookies";
              // Selects the entry in IdentityProviderConfiguration to use
              options.IdentityProviderName = "stubidp.sustainsys";
          });

      // Option B: multiple idps (one cookie scheme and one AddSaml registration per idp; use A or B, not both)
      services.AddAuthentication()
          .AddCookie("saml2.idp1.cookies", options =>
          {
              options.Cookie.HttpOnly = true;
              options.Cookie.SameSite = SameSiteMode.None;
              options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
          })
          .AddCookie("saml2.idp2.cookies", options =>
          {
              options.Cookie.HttpOnly = true;
              options.Cookie.SameSite = SameSiteMode.None;
              options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
          })
          .AddSaml("saml2.idp1", "saml2.idp1", options =>
          {
              options.SignInScheme = "saml2.idp1.cookies";
              options.IdentityProviderName = "idp1";
          })
          .AddSaml("saml2.idp2", "saml2.idp2", options =>
          {
              options.SignInScheme = "saml2.idp2.cookies";
              options.IdentityProviderName = "idp2";
          });

      services.AddMvc();
  }

appsettings.json

// Single idp
"Saml2": {
    "ServiceProviderConfiguration": {
      "EntityId": "Id of the sp",
      "Name": "name",
      "AssertionConsumerServiceUrl": "AssertionConsumerService",
      "SingleLogoutResponseServiceUrl": "SingleLogoutService",
      // true skips verification of the idp's signature on the AuthnResponse, so anyone who can
      // reach the AssertionConsumerService could forge an assertion; keep false outside local testing
      "OmitAssertionSignatureCheck": false,
      "Certificate": {
        "Thumbprint": "sp's certificate"
      }
    },
    "IdentityProviderConfiguration": [
      {
        "EntityId": "Id of the SAML 2.0 idp",
        "Name": "Name of the SAML 2.0 idp",
        "ForceAuth": "false",
        "IsPassive": "false",
        "SingleSignOnService": "idp's sso service endpoint",
        "SingleSignOutService": "idp's slo service endpoint",
        "ArtifactResolveService": "idp's artifact resolve service endpoint",
        "Certificate": {
          "Thumbprint": "idp's certificate"
        }
      }
    ]
  }

  // Multiple idps
  "Saml2": {
    "ServiceProviderConfiguration": {
      "EntityId": "Id of the sp",
      "Name": "name",
      "AssertionConsumerServiceUrl": "AssertionConsumerService",
      "SingleLogoutResponseServiceUrl": "SingleLogoutService",
      // see the single-idp note above: leave false unless testing against a local stub idp
      "OmitAssertionSignatureCheck": false,
      "Certificate": {
        "Thumbprint": "sp's certificate"
      }
    },
    "IdentityProviderConfiguration": [
      {
        "EntityId": "idp1",
        "Name": "name of idp1",
        "ForceAuth": "false",
        "IsPassive": "false",
        "SingleSignOnService": "idp1's sso service endpoint",
        "SingleSignOutService": "idp1's slo service endpoint",
        "ArtifactResolveService": "idp1's artifact resolve service endpoint",
        "Certificate": {
          "Thumbprint": "idp1's certificate"
        }
      },
      {
        "EntityId": "idp2",
        "Name": "name of idp2",
        "ForceAuth": "false",
        "IsPassive": "false",
        "SingleSignOnService": "idp2's sso service endpoint",
        "SingleSignOutService": "idp2's slo service endpoint",
        "ArtifactResolveService": "idp2's artifact resolve service endpoint",
        "Certificate": {
          "Thumbprint": "idp2's certificate"
        }
      }
    ]
  }
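The two configuration steps above (the Startup wiring and the Saml2 section of appsettings.json) leave the security-relevant settings entirely to the operator. The following is an added example, not code from the Saml2.Authentication.Core project, that wires the same pieces together with a fail-fast check of the configuration and a cookie policy that browsers accept for the cross-site response from the idp. It assumes only the key names shown in the appsettings.json sample above and the project's own AddSaml / Saml2Configuration registrations; the class and method names (Saml2ConfigGuard, AddHardenedSaml2), the isDevelopment flag (normally IWebHostEnvironment.IsDevelopment()) and the 8-hour cookie lifetime are the example's own choices.

```csharp
// Added example (not part of the Saml2.Authentication.Core project).
// Validates the "Saml2" section from the sample appsettings.json and registers the SAML
// scheme with a cookie policy that browsers will actually accept on the cross-site response.
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// plus the project's own namespace for Saml2Configuration and the AddSaml extensions

public static class Saml2ConfigGuard
{
    // Returns every problem found; an empty list means the section is fit for a
    // non-development environment. Key names follow the appsettings.json sample above.
    public static IReadOnlyList<string> Validate(IConfiguration configuration, bool isDevelopment)
    {
        var problems = new List<string>();
        var saml2 = configuration.GetSection("Saml2");
        if (!saml2.Exists())
        {
            problems.Add("Missing 'Saml2' configuration section.");
            return problems;
        }

        var sp = saml2.GetSection("ServiceProviderConfiguration");
        // With the check omitted, anything POSTed to the AssertionConsumerService is trusted:
        // a forged AuthnResponse logs in as any user. Tolerated only while developing locally.
        if (sp.GetValue<bool>("OmitAssertionSignatureCheck") && !isDevelopment)
            problems.Add("ServiceProviderConfiguration:OmitAssertionSignatureCheck is true; the idp's signature on the AuthnResponse would not be verified.");
        if (string.IsNullOrWhiteSpace(sp["EntityId"]))
            problems.Add("ServiceProviderConfiguration:EntityId is empty.");
        if (string.IsNullOrWhiteSpace(sp["Certificate:Thumbprint"]))
            problems.Add("ServiceProviderConfiguration:Certificate:Thumbprint is empty; the sp cannot sign its requests.");

        var idps = saml2.GetSection("IdentityProviderConfiguration").GetChildren().ToList();
        if (idps.Count == 0)
            problems.Add("IdentityProviderConfiguration has no entries.");
        foreach (var idp in idps)
        {
            var label = string.IsNullOrWhiteSpace(idp["EntityId"]) ? $"entry {idp.Key}" : idp["EntityId"];
            if (string.IsNullOrWhiteSpace(idp["Certificate:Thumbprint"]))
                problems.Add($"IdP '{label}': Certificate:Thumbprint is empty; its responses cannot be verified.");
            if (string.IsNullOrWhiteSpace(idp["SingleSignOnService"]))
                problems.Add($"IdP '{label}': SingleSignOnService is empty.");
            // SLO and artifact endpoints are optional, but every configured endpoint must be an
            // absolute https URL: over http the SAML messages (and the artifact) travel in clear.
            foreach (var key in new[] { "SingleSignOnService", "SingleSignOutService", "ArtifactResolveService" })
            {
                var url = idp[key];
                if (string.IsNullOrWhiteSpace(url)) continue;
                var isHttps = Uri.TryCreate(url, UriKind.Absolute, out var uri) && uri.Scheme == Uri.UriSchemeHttps;
                if (!isHttps && !isDevelopment)
                    problems.Add($"IdP '{label}': {key} '{url}' is not an absolute https URL.");
            }
        }
        return problems;
    }

    // The AuthnResponse comes back from the idp as a cross-site POST or redirect, so the cookies
    // that track the sign-in must be SameSite=None; browsers drop SameSite=None cookies that are
    // not also Secure, which is why SameAsRequest (as in the original sample) is the wrong policy.
    public static void ConfigureSaml2Cookie(CookieAuthenticationOptions options)
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SameSite = SameSiteMode.None;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        options.ExpireTimeSpan = TimeSpan.FromHours(8); // bound the lifetime of the SAML session cookie (example value)
        options.SlidingExpiration = false;
    }
}

public static class Saml2StartupExtensions
{
    // Drop-in replacement for the single-idp AddAuthentication() chain in ConfigureServices above.
    public static IServiceCollection AddHardenedSaml2(this IServiceCollection services,
        IConfiguration configuration, bool isDevelopment, string identityProviderName)
    {
        var problems = Saml2ConfigGuard.Validate(configuration, isDevelopment);
        if (problems.Count > 0)
        {
            // Fail at startup rather than run with a configuration that accepts forged assertions.
            throw new InvalidOperationException("Refusing to start with this Saml2 configuration:" +
                Environment.NewLine + string.Join(Environment.NewLine, problems));
        }

        services.Configure<Saml2Configuration>(configuration.GetSection("Saml2"));
        services.AddSaml();
        services.AddAuthentication()
            .AddCookie("saml2.cookies", Saml2ConfigGuard.ConfigureSaml2Cookie)
            .AddSaml("saml2", "saml2", options =>
            {
                options.SignInScheme = "saml2.cookies";
                options.IdentityProviderName = identityProviderName;
            });
        return services;
    }
}
```

Call `services.AddHardenedSaml2(Configuration, _env.IsDevelopment(), "idp1")` from ConfigureServices, where `_env` is the IWebHostEnvironment injected into Startup. For several idps, repeat the AddCookie/AddSaml pair per provider as in the multiple-idp sample, reusing ConfigureSaml2Cookie for each cookie scheme; Validate already checks every entry of IdentityProviderConfiguration.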

ClaimsPrincipalFactory

The SessionIndex and Subject claims are required for SLO: the LogoutRequest sent to the idp must carry the same NameID and SessionIndex the idp issued at sign-in, so they have to be stored with the user's session and be available at logout. When ASP.NET Core Identity issues its own application cookie, the claims from the external SAML sign-in are not carried over by default. This example claims principal factory copies the SessionIndex and Subject claims from the external SAML cookie into the Identity cookie:

  using System.Collections.Generic;
  using System.Linq;
  using System.Security.Claims;
  using System.Threading.Tasks;
  using Microsoft.AspNetCore.Authentication;
  using Microsoft.AspNetCore.Http;
  using Microsoft.AspNetCore.Identity;
  using Microsoft.Extensions.DependencyInjection;
  using Microsoft.Extensions.Options;

  public class DemoWebAppClaimsPrincipalFactory : UserClaimsPrincipalFactory<ApplicationUser>
  {
      private readonly IHttpContextAccessor _httpContextAccessor;

      public DemoWebAppClaimsPrincipalFactory(UserManager<ApplicationUser> userManager,
          IOptions<IdentityOptions> optionsAccessor, IHttpContextAccessor httpContextAccessor)
          : base(userManager, optionsAccessor)
      {
          _httpContextAccessor = httpContextAccessor;
      }

      protected override async Task<ClaimsIdentity> GenerateClaimsAsync(ApplicationUser user)
      {
          var claimsIdentity = await base.GenerateClaimsAsync(user);

          // The factory can also run outside a request; there is no external cookie to copy from then.
          var httpContext = _httpContextAccessor.HttpContext;
          if (httpContext == null)
          {
              return claimsIdentity;
          }

          var signInManager = httpContext.RequestServices.GetRequiredService<SignInManager<ApplicationUser>>();
          var claims = new List<Claim>();

          // Look through every external scheme (each AddSaml registration) for an authenticated SAML session.
          var authenticationSchemes = await signInManager.GetExternalAuthenticationSchemesAsync();
          foreach (var scheme in authenticationSchemes)
          {
              var authenticateResult = await httpContext.AuthenticateAsync(scheme.Name);
              if (!authenticateResult.Succeeded)
              {
                  continue;
              }

              var sessionIndex = authenticateResult.Principal.FindFirst(Saml2ClaimTypes.SessionIndex);
              var saml2Subject = authenticateResult.Principal.FindFirst(Saml2ClaimTypes.Subject);
              if (sessionIndex == null || saml2Subject == null)
              {
                  continue; // not a SAML session, or the idp issued no SessionIndex; nothing to carry over for SLO
              }

              claims.Add(sessionIndex);
              claims.Add(saml2Subject);
          }

          // Add the external claims to the Identity cookie. The SessionIndex and Subject are required for SLO.
          claimsIdentity.AddClaims(claims);
          return claimsIdentity;
      }
  }