Configure ASP.NET Core as SAML Identity Provider Setup Guide

The ASP.NET Core SAML identity provider (IdP) module provides a ready-to-use solution for SAML 2.0 login using ASP.NET credentials. The module acts as a SAML 2.0 identity provider and can be configured to establish trust between the ASP.NET application and SAML 2.0 service providers such as WordPress, Drupal, Moodle and many more, so that users authenticate securely with their ASP.NET application credentials.

  • To add the miniOrange SAML IDP module to your .NET application, install the miniOrange NuGet package on top of your application from the Package Manager Console:

PM> NuGet\Install-Package miniOrange.SAML.IDP -Version 7.1.0

Note: To integrate the miniOrange ASP.NET SAML IDP middleware in your application, you need to add the namespaces, services and middleware shown below to your project. The following is a sample implementation for reference.


  using Microsoft.AspNetCore.Authentication.Cookies;
  using miniOrange.saml;

  var builder = WebApplication.CreateBuilder(args);

  // Add services to the container.
  builder.Services.AddControllersWithViews();
  // Required by app.MapRazorPages() below; without it the app throws at startup.
  builder.Services.AddRazorPages();
  builder.Services.AddAuthentication(options =>
  {
    // Every request goes through the "SSO_OR_Admin" policy scheme,
    // which forwards to the actual scheme chosen by the selector below.
    options.DefaultAuthenticateScheme = "SSO_OR_Admin";
    options.DefaultScheme = "SSO_OR_Admin";
    options.DefaultChallengeScheme = "SSO_OR_Admin";
  })
  .AddCookie("moAdmin", options =>
  {
    // Cookie scheme selected for the module dashboard (?ssoaction=config).
  })
  .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options =>
  {
    // Configure your application's own authentication scheme here. It can be
    // cookie authentication, JWT authentication or ASP.NET Identity authentication.
  })
  .AddPolicyScheme("SSO_OR_Admin", "SSO_OR_Admin", options =>
  {
    // Runs on each request.
    options.ForwardDefaultSelector = context =>
    {
      foreach (var cookie in context.Request.Cookies)
      {
        // Dashboard request: a moAdmin cookie is present and ssoaction=config is set.
        if (cookie.Key.Contains("moAdmin") && context.Request.Query["ssoaction"] == "config")
        {
          return "moAdmin";
        }
      }
      // Return your own authentication scheme for everything that is not the dashboard path.
      return CookieAuthenticationDefaults.AuthenticationScheme;
    };
  });

  var app = builder.Build();
  if (!app.Environment.IsDevelopment())
  {
    app.UseExceptionHandler("/Home/Error");
    app.UseHsts();
  }
  app.UseHttpsRedirection();

  #if NET9_0_OR_GREATER
  app.MapStaticAssets();
  #else
  app.UseStaticFiles();
  #endif

  app.UseRouting();

  app.UseCookiePolicy();
  app.UseAuthentication();
  app.UseAuthorization();

  // miniOrange SAML middleware, registered after authentication and authorization.
  app.UseminiOrangeSAMLSSOMiddleware();
  app.MapRazorPages();

  app.Run();

  • Once you have added the integration code, build and clean your solution once.
  • After integration, open your browser and go to the module dashboard at the URL below:

  https://<your-application-base-url>/?ssoaction=config

  • If the registration page or login page pops up, you have successfully added the miniOrange SAML IDP NuGet package to your application.

  • Register or log in with your account by clicking the Register button.
  • After successful registration, you will receive a trial license key at your registered email address.
  • If you have not received the license key at the email address you provided, use the Click here button in the plugin to download the license file.

  • To activate the module, you can either:
    • Enter the license key received via email in the provided input field.

    OR

    • Upload the license file that you downloaded using the link mentioned above.

  • Then, check the box "I have read the above conditions and I want to activate the module", and click the Activate License button.

  • In the Plugin Settings menu, navigate to Service Provider Settings, and click on the Add New SP button.

  • From the list of available service providers, select your Service Provider. If your SP is not listed, choose the Custom SP option.

  • You can fill in the details manually or by using the Upload SP Metadata button.

  • You will be able to upload all the metadata using a Metadata XML file or a Metadata URL.

  • Now, go to the Identity Provider Settings tab. Provide the IdP metadata to your Service Provider by either downloading the metadata file or copying the metadata details manually, as per your integration requirements.

To send the details from ASP.NET to your service provider in the form of SAML tokens, we first need to set the authenticated user details as user claims.

  • If you want to send user details such as the username, you can store this information as a user claim after your authentication mechanism. Refer to the sample code below:

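  // Namespaces needed at the top of the file:
  using System.Security.Claims;
  using Microsoft.AspNetCore.Authentication;
  using Microsoft.AspNetCore.Authentication.Cookies;

  // Inside an async controller action, after the user has been authenticated:
  var claims = new List<Claim>
  {
    new Claim(ClaimTypes.Name, "test"),
    new Claim(ClaimTypes.Email, "test@example.com"),
    new Claim(ClaimTypes.Role, "Subscriber")
  };

  var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);
  var principal = new ClaimsPrincipal(identity);

  // Sign in using your Authentication Scheme
  await HttpContext.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme, principal);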

  • Map this same user claim in the ASP.NET SAML IdP plugin so that the plugin knows which claim value needs to be included in the SAML token.
  • Note: All the mapped attributes will be stored as user claims, so you can access them in your application.
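
A fuller version of the sign-in step above, added here as an example (it is not miniOrange's code or part of the original guide): the claims are read from the stored user record after the password check instead of being hard-coded, because any claim mapped in the plugin ends up in the SAML token sent to service providers. `AppUser`, `IUserStore` and `AccountController` are hypothetical names, and the default web project template (implicit usings, nullable reference types) is assumed.

```csharp
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;

// Hypothetical user record and store (assumptions); replace with your own data access.
public record AppUser(string UserName, string Email, string Role);

public interface IUserStore
{
    // Returns the user only when the password is correct, otherwise null.
    Task<AppUser?> ValidateAsync(string userName, string password);
}

public class AccountController : Controller
{
    private readonly IUserStore _users;
    public AccountController(IUserStore users) => _users = users;

    [HttpPost]
    [ValidateAntiForgeryToken]
    public async Task<IActionResult> Login(string userName, string password, string? returnUrl)
    {
        var user = await _users.ValidateAsync(userName, password);
        if (user is null)
        {
            ModelState.AddModelError(string.Empty, "Invalid username or password.");
            return View();
        }

        // Claim values come from the stored record, never from the submitted form:
        // a role or email set here can be mapped into the SAML token.
        var claims = new List<Claim>
        {
            new Claim(ClaimTypes.Name, user.UserName),
            new Claim(ClaimTypes.Email, user.Email),
            new Claim(ClaimTypes.Role, user.Role)
        };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

        // Follow only local return URLs so the login page cannot be used as an open redirect.
        return Url.IsLocalUrl(returnUrl) ? LocalRedirect(returnUrl!) : RedirectToAction("Index", "Home");
    }
}
```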

  • Once everything above is completed, you can initiate the SSO from your .NET application using the following link for the authenticated user.
  • Click on Select Actions, and from the dropdown, select SSO Link to copy the SSO Link.


Please reach out to us at aspnetsupport@xecurify.com, and our team will assist you with setting up the ASP.NET Core SAML SSO. Our team will help you select the most suitable solution/plan for your requirements.
