Classic ASP SAML Single Sign-On (SSO) with Azure AD as IDP


The Classic ASP SAML Single Sign-On (SSO) module lets you enable SAML Single Sign-On for your Classic ASP applications. With Single Sign-On, you use only one password to access your Classic ASP application and services. Our module is compatible with all SAML-compliant identity providers. This step-by-step guide configures SAML Single Sign-On (SSO) between Classic ASP and Microsoft Entra ID (formerly Azure AD), with Azure AD as the IdP.

Steps to configure Classic ASP Single Sign-On (SSO) using Azure AD as IDP

1. Setup Connector for application on IIS

  • Extract the downloaded asp-net-saml-sso-connector zip file to get ASP.NET SAML 2.0 Connector.
  • Add the connector as a separate application in IIS.
  • To add the application in IIS Manager, copy the extracted folder to the following path: C:\inetpub\wwwroot.
  • Open IIS Manager. In the left panel, right-click your site and click Add Application.
  • Add Alias Name for your application. For example: ssoapp
  • Give the Physical path where you have copied the Application: C:\inetpub\wwwroot\asp-net-saml-sso-connector-xxx.

2. Steps to give authority/permission to users to use SAML Connector

  • Go to this path C:\inetpub\wwwroot\
  • Right click the asp-net-saml-sso-connector-xxx and select Properties
  • Select the Security tab and click the Edit button.
  • Select IIS_IUSRS under the Group or Usernames option.
  • Give Full Control permission for the IIS_IUSRS container as shown in the figure below:
  • [Figure: permission settings for IIS_IUSRS]

3. Open miniOrange SAML ASP.NET Connector on Browser

  • Open any browser and go to the following link: https://<new-application-base-url>/.
  • Log in or register with the SAML connector to access the connector's admin dashboard.

4. Configure Azure AD as IDP

  • You need to provide the SP Entity ID and ACS URL values while configuring your Identity Provider. Copy the SP Entity ID and ACS URL from the connector and paste them into your IdP configuration page. You can refer to the image below.
  • [Figure: SP settings]
  • Log in to the Azure AD Portal. Select Azure Active Directory.
  • Navigate to the Enterprise Applications section and click on Add.
  • Now click on New Application to create a new application.
  • Click on Create your own application. Enter the name for your app. Select the 3rd option in the What are you looking to do with your application section and then click on the Create button.
  • Click on Single sign-on from the application's left-hand navigation menu and select SAML.
  • Edit BASIC SAML CONFIGURATION and enter the SP Entity ID for Identifier and the ACS URL for Reply URL from Service Provider section of the ASP.NET SAML plugin.
  • Copy App Federation Metadata Url. This will be used while configuring the ASP.NET SAML module.
  • Assign users and groups to your SAML application.
    • Click on Users and groups from the application's left-hand navigation menu.
    • After clicking on Add user, Select Users and groups in the Add Assignment screen. Search or invite an external user. Select the appropriate user and click on the Select button.
    • After selecting the appropriate user, click on the Assign button.

5. Configure ASP.NET SAML Connector as Service Provider

  • After configuring your Identity Provider, it will provide you with the IDP Entity ID, IDP Single Sign On URL and X.509 Certificate. Configure these values under the IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively.
  • Click Save to save your IDP details.

6. Testing SAML SSO

  • Click on the Test Configuration button to test whether the connector is configured correctly.
  • The screenshot below shows a successful result.
  • [Figure: successful Test Configuration result]

7. Attribute Mapping

  • Attribute Mapping lets your ASP.NET application receive attributes from your IdP and map them to the user attributes in your application.
  • Attributes received in a successful test configuration are used for attribute mapping.
  • You can refer to the image below for attribute mapping:
  • [Figure: attribute mapping]

8. Integration Code

  • First create a POST endpoint in your application. The miniOrange SSO connector will POST a signed JWT token, containing the authenticated user's info, to this endpoint.
  • Download the integration library (.dll file) using the download option in the integration tab and add it to your project. This library contains the classes and methods with which you can verify the JWT token signature and also retrieve the user attributes from the token.
  • Use the Verify(string token, string public_key) function to verify the token signature. It takes token (string) and public_key (string) as parameters and returns a bool value after verification.
  • Once the verification returns true, then use getUserAttr(string token, string attr_name) function to retrieve user attributes from the token. It takes token (string) and attr_name (string) as parameters and returns attribute value (string) on success otherwise it returns an empty string.
  • Add the namespace as "Miniorange.SSO.SAML.Integrate"
  • You can refer to the example below for the integration part:
    Integrate intgtr = new Integrate(); // create an instance of the Integrate class
    string public_key = "1wEaPr7h34Ts+DbgPytEqwkcJlybYwOTyBVD4GryebjSIF....................";
    // Your public key displayed above.
    string token = Request.Form["token"];
    string username = "";
    if (!String.IsNullOrEmpty(token)) {
        // Verify that the token was received from the trusted source.
        if (intgtr.Verify(token, public_key)) {
            // Retrieve the attribute value using the getUserAttr method.
            username = intgtr.getUserAttr(token, "userid");
        }
    }
    // Using the attributes received from the token, you can create the session for that user.
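
A fuller version of the step 8 endpoint, as an added example (not miniOrange's own code): it accepts only POST, fails closed when Verify returns false, and treats the empty string that getUserAttr returns on failure as a rejected login. The handler name SsoCallback, the appSettings key MoSsoPublicKey, the session key and the landing page ~/Default.aspx are assumptions; only Integrate, Verify and getUserAttr come from the page.

```csharp
using System;
using System.Configuration;
using System.Web;
using System.Web.SessionState;
using Miniorange.SSO.SAML.Integrate; // integration library from the page

// Hypothetical handler: register its URL as the endpoint in Login Setup.
public class SsoCallback : IHttpHandler, IRequiresSessionState
{
    public bool IsReusable { get { return false; } }

    public void ProcessRequest(HttpContext context)
    {
        // The connector POSTs the token; anything else is not a login.
        if (!String.Equals(context.Request.HttpMethod, "POST",
                           StringComparison.OrdinalIgnoreCase))
        { Reject(context, 405); return; }

        string token = context.Request.Form["token"];
        if (String.IsNullOrEmpty(token)) { Reject(context, 400); return; }

        // Assumption: the public key from the connector dashboard is kept in
        // <appSettings> under the hypothetical key "MoSsoPublicKey".
        string publicKey = ConfigurationManager.AppSettings["MoSsoPublicKey"];
        if (String.IsNullOrEmpty(publicKey)) { Reject(context, 500); return; }

        Integrate intgtr = new Integrate();

        // Read nothing from the token until its signature has verified.
        if (!intgtr.Verify(token, publicKey)) { Reject(context, 401); return; }

        // getUserAttr returns "" on failure, so an empty value is a rejection.
        string userId = intgtr.getUserAttr(token, "userid");
        if (String.IsNullOrEmpty(userId)) { Reject(context, 401); return; }

        context.Session.Clear();              // drop pre-login session data
        context.Session["userid"] = userId;   // hypothetical session key
        context.Response.Redirect("~/Default.aspx", false); // assumed landing page
    }

    private static void Reject(HttpContext context, int status)
    {
        context.Session.Clear();              // never leave a half-built session
        context.Response.StatusCode = status;
        context.Response.ContentType = "text/plain";
        context.Response.Write("SSO login failed");
    }
}
```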

9. Login Setup

  • Provide the created endpoint URL for your ASP.NET application in Login Setup where you will read the JWT Token with the user attributes.
  • Click on the Save button.

10. Add SSO Link

  • Use the following URL as a link in your application from where you want to perform SSO:
    https://<application-base-url>/request.aspx
  • For example you can use it as:
    <a href="https://<application-base-url>/request.aspx">Log in</a>

11. Add SLO Link

  • Use the following URL as a link in your application from where you want to perform SLO:
    https://<application-base-url>/singlelogout.aspx
  • For example you can use it as:
    <a href="https://<application-base-url>/singlelogout.aspx">Logout</a>

Need Help?

Not able to find your identity provider? Mail us at aspnetsupport@xecurify.com and we'll help you set up SSO into Classic ASP with your custom IDP. For quick guidance (via email/meeting) on your requirement, our team will help you select the most suitable solution/plan.

