SAML2Core 1.1.1

ASP.NET Core middleware that enables an application to support the SAML2 authentication workflow.

There is a newer version of this package available.
See the version list below for details.
Install-Package SAML2Core -Version 1.1.1
dotnet add package SAML2Core --version 1.1.1
<PackageReference Include="SAML2Core" Version="1.1.1" />
paket add SAML2Core --version 1.1.1

Usage

  1. Modify ConfigureServices() in Startup.cs
services.AddAuthentication(sharedOptions =>
{
    sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
    sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddSamlCore(options =>
{
    // ApplicationURL (REQUIRED) - This is the url for the production application. 
    // This will be used to create two Assertion Consumer Endpoints in your metadata.xml. 
    // One will be for example https://my.la.gov/sign-in
    // Second one will be https://[localhost environment]/sign-in 
    options.ApplicationURL = "https://my.la.gov";

    // SignOutPath (REQUIRED) - The endpoint for the idp to perform its signout action
    options.SignOutPath = "/signedout";

    // EntityId (REQUIRED) - The Relying Party Identifier e.g. https://my.la.gov.local
    options.ServiceProvider.EntityId = Configuration["AppConfiguration:ServiceProvider:EntityId"];

    // There are two ways to provide FederationMetadata
    // Option 1 - A FederationMetadata.xml already exists for your application
    // options.MetadataAddress = @"FederationMetadata.xml";

    // Option 2 - Have the middleware generate the FederationMetadata.xml file for you
    options.MetadataAddress = Configuration["AppConfiguration:IdentityProvider:MetadataAddress"];

    // Have the middleware create the metadata file for you
    // The default is false. If you don't want a file generated by the middleware, comment the line below.
    options.CreateMetadataFile = true;

    // If you want to specify the filename and path for the generated metadata file do so below:
    //options.DefaultMetadataFileName = "MyMetadataFilename"; //the default is "Metadata".
    //options.DefaultMetadataFolderLocation = "MyPath"; //the default is "wwwroot" so it can be accessible via https://[host name]/MyMetadataFilename.xml.

    //************************************************************************************************************ 
    // The following section applies if your application (SP) has a certificate and signs the AuthnRequest with it.
    //************************************************************************************************************
    // Certificate (REQUIRED) if you want your application (SP) to sign the authentication request (AuthnRequest).
    // The certificate serial number value.
    options.ServiceProvider.SigningCertificateX509TypeValue = Configuration["AppConfiguration:ServiceProvider:CertificateSerialNumber"]; // the serial number of the SP certificate in your certificate store (the lookup type defaults to serial number and can be changed with CertificateIdentifierType below)

    // For a signed AuthnRequest - if you want to look up the SP certificate by something other than its serial number. The default is serial number.
    //options.ServiceProvider.CertificateIdentifierType = X509FindType.FindBySerialNumber; // the default is 'X509FindType.FindBySerialNumber'. Change the value of 'options.ServiceProvider.SigningCertificateX509TypeValue' accordingly if this changes
    
    //************************************************************
            
    // Force Authentication (optional) - if you are requiring users to log into the Idp every time.
    options.ForceAuthn = true;

    // Service Provider Properties (optional) - These set the appropriate tags in the metadata.xml file
    options.ServiceProvider.ServiceName = "My Test Site";
    options.ServiceProvider.Language = "en-US";
    options.ServiceProvider.OrganizationDisplayName = "Louisiana State Government";
    options.ServiceProvider.OrganizationName = "Louisiana State Government";
    options.ServiceProvider.OrganizationURL = "https://my.test.site.gov";
    options.ServiceProvider.ContactPerson = new ContactType()
    {
        Company = "Louisiana State Government - OTS",
        GivenName = "Dina Heidar",
        EmailAddress = new[] { "dina.heidar@la.gov" },
        contactType = ContactTypeType.technical,
        TelephoneNumber = new[] { "+1 234 5678" }
    };

    // Events - Modify events below if you want to log errors, add custom claims, etc.

    //options.Events.OnRemoteFailure = context =>
    //{
    //    return Task.FromResult(0);
    //};              
    //options.Events.OnTicketReceived = context =>
    //{  //TODO: add custom claims here
    //    return Task.FromResult(0);
    //};               
})
.AddCookie();
  2. Modify Configure() in Startup.cs

Don't forget to add the following line in Configure()

app.UseAuthentication();
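The README leaves the two event hooks commented out and shows only the one line that Configure() needs. The following Startup.cs is an added example (not code from the SAML2Core README or the package itself) that fills both steps in: OnRemoteFailure logs the failure instead of surfacing the exception page, OnTicketReceived refuses to issue a cookie when the assertion lacks the attribute the application relies on, and Configure() places UseAuthentication() ahead of MVC so authenticated routes actually see the principal. It assumes an ASP.NET Core 2.x pipeline (the package's era), that the IdP asserts an e-mail attribute named "mail", that "/sign-in-error" exists as an error page, and that the correct `using` for the AddSamlCore extension is added; none of those names come from the README.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Logging;
// plus the using directive for the namespace that exposes AddSamlCore (check the package)

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddMvc();

        services.AddAuthentication(sharedOptions =>
        {
            sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        })
        .AddSamlCore(options =>
        {
            // Values as in the README; secrets and environment-specific settings stay in configuration.
            options.ApplicationURL = Configuration["AppConfiguration:ServiceProvider:ApplicationURL"];
            options.SignOutPath = "/signedout";
            options.ServiceProvider.EntityId = Configuration["AppConfiguration:ServiceProvider:EntityId"];
            options.MetadataAddress = Configuration["AppConfiguration:IdentityProvider:MetadataAddress"];
            options.CreateMetadataFile = true;
            options.ServiceProvider.SigningCertificateX509TypeValue =
                Configuration["AppConfiguration:ServiceProvider:CertificateSerialNumber"];
            options.ForceAuthn = true;

            // Log the failure and send the user to a friendly page; HandleResponse()
            // tells the handler the response has been written, so no exception page leaks.
            options.Events.OnRemoteFailure = context =>
            {
                var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<Startup>>();
                logger.LogWarning(context.Failure, "SAML sign-in failed for request {Path}", context.Request.Path);
                context.Response.Redirect("/sign-in-error"); // assumed error page
                context.HandleResponse();
                return Task.CompletedTask;
            };

            // Runs after the assertion has been validated and before the cookie is issued.
            options.Events.OnTicketReceived = context =>
            {
                var identity = (ClaimsIdentity)context.Principal.Identity;

                // "mail" is an assumed attribute name; use whatever your IdP actually asserts.
                var email = identity.FindFirst("mail")?.Value;
                if (string.IsNullOrWhiteSpace(email))
                {
                    // Fail() is not honoured at this stage, so stop the handler explicitly:
                    // HandleResponse() prevents the SignInAsync that would otherwise follow.
                    context.Response.Redirect("/sign-in-error");
                    context.HandleResponse();
                    return Task.CompletedTask;
                }

                // Map the raw attribute to the standard claim type the rest of the app expects.
                identity.AddClaim(new Claim(ClaimTypes.Email, email));
                return Task.CompletedTask;
            };
        })
        .AddCookie();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseHttpsRedirection();
        app.UseStaticFiles();    // serves the generated Metadata.xml from wwwroot
        app.UseAuthentication(); // must run before MVC so [Authorize] sees the principal
        app.UseMvc();
    }
}
```

The two HandleResponse() calls are the important detail: in ASP.NET Core's remote authentication handler, a TicketReceived callback that returns normally is followed by the cookie sign-in, so any check that should block the session has to mark the response as handled rather than just omit claims.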


Version History

Version Downloads Last updated
2.0.6 260 6/10/2019
2.0.4 79 6/8/2019
2.0.3 88 6/6/2019
2.0.2 88 6/6/2019
1.1.7 259 12/17/2018
1.1.6 125 12/14/2018
1.1.4 109 12/13/2018
1.1.3 126 11/21/2018
1.1.2 131 11/20/2018
1.1.1 126 11/20/2018
1.0.9 142 11/16/2018
1.0.8 164 11/16/2018