Search Results :


ASP.NET Core SAML IDP Setup Guide

ASP.NET Core as SAML identity provider provides a ready-to-use solution for SAML 2.0 login using ASP.NET credentials. ASP.NET Core SAML IdP acts as a SAML 2.0 identity provider which can be configured to establish the trust between the ASP.NET Core application and various SAML 2.0 supported service providers such as WordPress,Tableau, Moodle and many more to securely authenticate the users using the ASP.NET Core application credentials.

Choose your SAML service provider to configure Single Sign-On (SSO)

Not able to find your IdP? Contact us at and we will help you setup ASP.NET Core SSO with your SP in no time.

Couldn't find your IdP?

Reach out to us at and we will help you setup Blazor SAML SSO with your identity provider (IdP) in no time.

Steps to configure ASP.NET Core as SAML Identity Provider

1. Pre-requisites:Installation

  • To install the ASP.NET Core SAML IDP using the NuGet package, follow the steps given below:

PM> NuGet\Install-Package miniOrange.SAML.IDP
using Microsoft.AspNetCore.Authentication.Cookies; using miniOrange.saml; var builder = WebApplication.CreateBuilder(args); builder.Services.AddRazorPages(); // Add authentication services builder.Services.AddControllersWithViews(); builder.Services.AddAuthentication(options =>  { options.DefaultAuthenticateScheme = "SSO_OR_Admin"; options.DefaultScheme = "SSO_OR_Admin"; options.DefaultChallengeScheme = "SSO_OR_Admin";  }) .AddCookie("moAdmin", options =>  {  }) .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>  { // Configure cookie options as needed for SSO Users }) .AddPolicyScheme("SSO_OR_Admin", "SSO_OR_Admin", options => { // runs on each request options.ForwardDefaultSelector = context => { // filter by auth type, here if the moAdmin cookie is coming in any request the Admin Authentication will work foreach (var cookie in context.Request.Cookies) { if (cookie.Key.Contains(".AspNetCore.Cookies")) { return CookieAuthenticationDefaults.AuthenticationScheme; } } // otherwise always check for cookie auth return "moAdmin"; }; }); var app = builder.Build(); if (!app.Environment.IsDevelopment())  {     app.UseExceptionHandler("/Error");     app.UseHsts();  } app.UseHttpsRedirection(); app.UseRouting(); app.UseAuthorization(); app.MapRazorPages(); app.UseCookiePolicy(); app.UseAuthentication(); app.UseStaticFiles(); app.UseminiOrangeSAMLSSOMiddleware(); app.Run();
  • After integration, open your browser and browse the middleware dashboard with the URL below:
  • ASP.NET as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP - Register for ASP.NET IDP middleware
  • Register into the ASP.NET Core as SAML IDP

2. Configure your service provider

  • You need to send your IDP metadata to your service provider. For IDP metadata, use the IDP metadata URL or download the IDP metadata as a .xml file and upload it at your SP end. You can find both these options under the Identity Provider Settings tab.
  • ASP.NET as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP - upload idp metadata
  • Alternatively, you can manually add the IDP Entity ID and ACS URL from Identity Provider Settings tab in the plugin to your SP configurations.
  • ASP.NET as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP - upload idp metadata manually

3. Configure ASP.NET Core as Identity Provider

Note: After installation of the plugin, we need to setup the trust between your ASP.NET Core application and your service provider. SAML metadata is shared with identity provider so they can update their inbuilt configuration to support SAML Single Sign-On.

3.1: Share SAML Metadata with identity provider

  • Click on Add New SP to configure ASP.NET Core SAML Single Sign-On (SSO) using your identity provider.
  • ASP.NET SAML SSO - Click on Add new SP
  • Under Identity Provider Settings tab, you can either copy-paste the metadata URL on your IDP side or download the SP metadata as an XML file. Additionally, you have the choice to manually copy and paste Base URL, SP Entity ID, and ACS URL.
  • Share SAML metadata with your service provider.
  • ASP.NET SAML SSO - SP Settings Metadata

3.2: Import service provider SAML metadata

  • Select your service provider from the list shown.
  • ASP.NET SAML SSO - Select service provider

There are two ways detailed below with which you can configure your ASP.NET Core SAML identity provider metadata in the middleware.

A] Upload metadata using Upload SP Metadata option
  • If your service provider has provided you with the metadata URL or metadata file (.xml format only), then you can simply configure the service provider metadata in the ASP.NET Core application using the Upload SP Metadata option.
  • You may refer to the screenshot below:
  • ASP.NET as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP - upload idp metadata
  • You can choose any one of the options according to the metadata format you have available.
B] Configure the Service Provider metadata manually
  • After configuring your Service Provider, it will provide you with IDP Entity ID, IDP Single Sign On URL and SAML X509 Certificate fields respectively.
  • Click Save to save your IDP details.
  • ASP.NET as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP - upload idp metadata manually

4. Code Integration

To send the details from ASP.NET Core application to your service provider in the form of SAML tokens first, we will be required to set the authenticated user details in user claims.

  • Suppose, if you want to send user details like username, email address, firstname,lastname,phonenumber etc., you can put those details in user claims after your authentication mechanism. Refer to the sample code below:
    var UserClaims = new List<claim>() { new Claim(ClaimTypes.NameIdentifier, "") }; // Add your additional Claims UserClaims.Add(new Claim("email", "")); UserClaims.Add(new Claim("firstname", "test")); UserClaims.Add(new Claim("lastname", "user")); UserClaims.Add(new Claim("PhoneNumber", "9876543210")); // Set the User Identity with your User Claims and set your Authentication Scheme var identity = new ClaimsIdentity(UserClaims, CookieAuthenticationDefaults.AuthenticationScheme); var principal = new ClaimsPrincipal(identity); await httpContextAccessor.HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);
  • Map these same user claims in the ASP.NET Core SAML IdP plugin so that the plugin understands which claim values needs to be sent actually in the SAML tokens.
  • NameID is the default SAML attribute which you can set to the given values.
  • ASP.NET as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP - upload idp metadata manually

5. Copy SSO Link

  • Hover on Select Actions and click on Copy SAML SSO Link.
  • ASP.NET Core as SAML Identity Provider | ASP.NET SAML IDP | .NET IDP Copy SSO Link
  • Once everything above is completed, you can initiate the SSO from your .NET application using the following link for the authenticated user: <a href="https://<your-application-base-url>/?ssoaction=idpinitiatedsso"
  • For example, you can use it as HTML anchor tag or HTML button on your site after a user is authenticated on .NET application. <a href=”https://<your-application-base-url>/?ssoaction=idpinitiatedsso”>Login</a>

Additional Resources

Need Help?

Not able to find your service provider? Mail us on and we'll help you set up SSO with your SP and for quick guidance (via email/meeting) on your requirement and our team will help you to select the best suitable solution/plan as per your requirement.

Hello there!

Need Help? We are right here!

Contact miniOrange Support

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to