Classic ASP SAML Single Sign-On (SSO) with Azure AD as IDP

Overview

Classic ASP Single Sign-On (SSO) Connector gives the ability to enable SAML Single Sign-On for your Classic ASP applications. Using Single Sign-On you can use only one password to access your Classic ASP application and services. Our Connector is compatible with all the SAML compliant identity providers. Here we will go through a step-by-step guide to configure SAML Single Sign-On (SSO) between Classic ASP and Microsoft Entra ID (formerly Azure AD) considering Azure AD as IdP.

Pre-requisites : Download And Installation

• Extract the downloaded classic-asp-saml-sso-connector zip file to get Classic ASP SAML 2.0 Connector.

• Add the connector as a separate application on IIS.

• To add the application in IIS Manager, copy the extracted folder to the following path: C:\inetpub\wwwroot.

• Open IIS Manager. In the left panel, right-click on your site and click Add Application.

• Add an alias name for your application (e.g., ssoapp) and set the physical path to where you copied the connector, such as: C:\inetpub\wwwroot\classic-asp-saml-sso-connector-xxx.

• Go to C:\inetpub\wwwroot\, right-click on the classic-asp-saml-sso-connector-xxx folder, and select Properties.

• Under the Security tab, click Edit, Select from the Application Pool User, and grant it Full Control permission.

Register Your Account and Activate License

• Open any browser and navigate to : http://localhost/<Alias-Name> (Replace <Alias-Name> with the alias you provided while adding the application in IIS)

• If the registration or login page appears, it means the miniOrange Classic ASP SAML Connector has been successfully added to your application.

• Register or log in with your account by clicking the Register button.

• After successful registration, you will receive a trial license key on your registered email address.

• If you have not received the license key to your provided email, use the Click here button in the plugin to download the license file.

• To activate the connector, you can either:
• Enter the license key received via email in the provided input field.

OR

• Upload the license file that you downloaded using the link mentioned above.

• Then, check the box "I have read the above conditions and I want to activate the connector", and click the Activate License button.

Configure Azure AD as IDP

• First, navigate to the Service Provider Settings tab. Provide the SP metadata to your Identity Provider by either downloading the metadata file or copying the metadata details manually, as per your integration requirements.

• Login into Azure AD Portal. Select Azure Active Directory.

• Navigate to Enterprise Applications section and click on Add.

• Now click on New Application to create new application.

• Click on Create your own application. Enter the name for your app. Select the 3rd option in What are you looking to do with your application section and then click on Create button.

• Click on Single sign-on from the application's left-hand navigation menu and select SAML.

• Edit BASIC SAML CONFIGURATION and enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider section of the Classic ASP SSO Connector as shown above.

• Copy App Federation Metadata Url. This will be used while configuring the Classic ASP SSO Connector.

• Assign users and groups to your SAML application.
• Click on Users and groups from the applications left-hand navigation menu.
• After clicking on Add user, Select Users and groups in the Add Assignment screen. Search or invite an external user. Select the appropriate user and click on the Select button.
• After selecting the appropriate user, click on the Assign button.

Configure Classic ASP SAML Connector as Service Provider

• Now, under Identity Provider Settings, click the Configure IDP button.

• The Identity Provider Settings dashboard will now open, where you can provide the required Identity Provider metadata. You can fill in the details manually or by using the Upload IDP Metadata button.

• Enter the IDP Name and upload the metadata using a Metadata XML file or a Metadata URL.

• After uploading the metadata details, navigate to the Identity Provider Settings section. Hover over the Select Actions dropdown and click on Test Configuration to verify if the connector has been configured correctly with the IDP.

• The below Screenshot shows a successful result.

• Since the SSO connection with the Azure IDP has been successfully established, the next step is to securely pass the authenticated user details to the Classic ASP application.

Login Setup

• Go to the JWT Keys tab and click the Download button under SSO Script. The sso.asp script is used to validate the JWT token that is sent during the Single Sign-On (SSO) process.

• This will download a file named sso.asp.

• Place this file into the folder where your Classic ASP application is hosted.

• It checks if the token is valid and then logs the user into your Classic ASP application automatically using the information inside the token.

• Enter your application's JWT Endpoint URL. This is the URL where the signed JWT token (containing the SAML response) will be sent, which will help set the session in your application and can be used further to log in the user.

• This helps your application receive the user's login information securely.
  Click Save to finish the configuration.

• Set the JWT Consumer Endpoint to :

Add SSO Link

• Hover on Select Actions and click on Copy SSO Link.

• Use the following URL as a link in your application from where you want to perform SSO:

Related Articles

• ASP.NET SAML SSO
• ASP.NET OAuth SSO
• ASP.NET Core Decoupled Application