The miniOrange ASP.NET SAML 2.0 Connector acts as a SAML Service Provider that can be configured to establish trust between the connector and a SAML-capable Identity Provider, so that users are securely authenticated into your application.
The connector uses the SAML protocol for exchanging authentication and authorization data with the Identity Provider.
Signing: Configure the Signed Response and Signed Assertion options to determine whether the SAML authentication response message and the assertion are digitally signed by the IDP.
Encryption: Choose whether the SAML assertion is encrypted or not. Encryption ensures that only the sender and receiver can understand the assertion.
Configurable SP base URL: You can provide a custom SP base URL depending on your Service Provider configuration.
Auto-redirect to your application after SSO: The admin can provide an application URL, which will be used as a redirect URL after logging in.
Attribute Mapping: Map user attributes to session variables, which can be retrieved and used at the application endpoint.
Single Logout: You can log out of all your applications with a single click.
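When choosing the Signing and Encryption options above, it helps to know what the IdP actually sends. The following is an added example, not miniOrange's code; the function names and the sample response are constructed for illustration. It inspects a base64 SAMLResponse captured from the browser and reports whether the response and the assertion each carry a signature that references their own ID, and whether the assertion is encrypted. It checks structure only and does not validate the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def signature_covers(element):
    """True if a ds:Signature is a direct child of element and its single
    Reference URI points at that element's own ID (SAML core, section 5.4.2)."""
    sig = element.find("ds:Signature", NS)
    if sig is None:
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    elem_id = element.get("ID")
    return bool(elem_id) and len(refs) == 1 and refs[0].get("URI") == "#" + elem_id

def inspect_response(b64_response):
    """Report what a base64 SAMLResponse (HTTP-POST binding) actually contains."""
    xml = base64.b64decode(b64_response)
    if b"<!DOCTYPE" in xml:  # a SAML message never needs a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in a SAML response")
    root = ET.fromstring(xml)
    plain = root.findall("saml:Assertion", NS)
    encrypted = root.findall("saml:EncryptedAssertion", NS)
    return {
        "response_signed": signature_covers(root),
        "assertion_signed": bool(plain) and all(signature_covers(a) for a in plain),
        "assertion_encrypted": bool(encrypted),
    }

# Constructed sample: unsigned Response wrapping one signed, unencrypted Assertion.
# SignatureValue and digests are omitted because only the structure is inspected.
SAMPLE = base64.b64encode(b"""<samlp:Response
    xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">
  <saml:Assertion ID="_assert1">
    <ds:Signature><ds:SignedInfo><ds:Reference URI="#_assert1"/></ds:SignedInfo></ds:Signature>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
  </saml:Assertion>
</samlp:Response>""")

if __name__ == "__main__":
    print(inspect_response(SAMPLE))
```

A result where `assertion_signed` is false although a signature is present means the signature references some other element, which is worth investigating before relying on the assertion's attributes.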
Steps to Configure the ASP.NET SAML 2.0 Connector
Step 1: Download and set up the connector on your domain.
Download the miniOrange ASP.NET SAML 2.0 Connector from the above link.
Set up the connector on the same domain where your .NET application is running.
To add the application in IIS Manager:
Extract asp-net-saml-connector-xxx.zip and copy the sso-connector folder to the path C:\inetpub\wwwroot.
Open IIS Manager. In the left panel, right-click Default Web Site and click Add Application.
Provide an Alias Name as shown below; this is the web page address name, for example Alias_Name.
Give the Physical path where you have copied the application:
Step 2: Give the user authority to make changes in the SAML Connector (web.config file).
Go to this path C:\inetpub\wwwroot\
Right click the sso-connector and select Properties
Select the Security tab and click the Edit button.
Select IIS_IUSRS under the Group or user names option.
After following the steps given above, tick the box in the Permissions for IIS_IUSRS container as shown in the figure below:
Step 3: Open the SAML ASP.NET Connector in a browser
Open any browser and go to the following link: http://localhost/<your-alias>.
Log in to the SAML connector by providing your registered miniOrange username and password.
Step 4: Configure your Identity Provider
You need to provide these SP Entity ID and ACS URL values while configuring your Identity Provider.
Step 5: Configure your Service Provider
Provide the required settings (i.e. IDP Entity ID, IDP Single Sign On URL, X.509 certificate) in the connector.
Click Save Configuration to save your IDP details.
Click the Test Configuration button to test whether the plugin is configured correctly.
The screenshot below shows a successful result.
This screenshot shows the attributes that are received and are mapped by attribute mapping (i.e. NameID, email, firstname, lastname).
Step 6: Attribute Mapping
Attribute Mapping is used by the IDP and the SP to map user information from IDP to SP.
Attribute Mapping helps you to get user attributes from your IdP and map them to your user attributes in SP.
Attributes received in a successful test configuration are used for attribute mapping.
In Attribute Mapping, details such as NameID and Email, as shown in the Test Successful figure, are mapped to NameID and Email respectively, for example Attribute: NameID, Email, FirstName, LastName.
Step 7: Login Setup
Provide your Endpoint URL in Login Setup where you will read your SAML response.
Provide the Logout endpoints for your applications.
Click the Save button.
Step 8: Add the following link in your application for SSO
Use the following URL as a link in your application from where you want to perform SSO: http://base-url/request.aspx
For example, you can use it as: <a href="http://base-url/request.aspx">Log in</a>
Step 9: Add the following link in your application for SLO
Use the following URL as a link in your application from where you want to perform SLO: http://base-url/singlelogout.aspx
For example, you can use it as: <a href="http://base-url/singlelogout.aspx">Log out</a>
Step 10: Integration Code
For the integration part, add the code provided in the SAML Connector to your application.
You can configure the miniOrange ASP.NET SAML 2.0 Connector with any Identity Provider such as ADFS, Azure AD, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito or even with your own custom identity provider.
The miniOrange ASP.NET SAML 2.0 Connector supports C# and Visual Basic languages.
We also provide a DotNet Nuke Single Sign-On SAML Connector.