SAML Single Sign-On (SSO) For ASP.NET Web Applications Using ADFS As IDP

The ASP.NET SAML SP Single Sign-On (SSO) module enables SAML Single Sign-On for your ASP.NET applications: users sign in once, with a single set of credentials, to reach your ASP.NET application and services. The module is compatible with all SAML 2.0 compliant Identity Providers. This guide walks step by step through configuring Single Sign-On (SSO) between ASP.NET and ADFS, with ADFS acting as the IdP.

Download And Extract Package

  • Download the miniOrange ASP.NET SAML 2.0 Module.
  • To set up the module, extract asp-net-saml-sso-module-xxx.zip. You will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config, and an integration.md file that contains the steps for adding the module to your application.

Step 1: Add module in your application

  • Add miniorange-saml-sso.dll to the bin folder of your application (where your other DLL files are).
  • Register the miniorangesamlsso module in your application, following the steps in the integration.md file.
  • Add the provided configuration file saml.config to the root directory of your application.
  • After integration, open a browser and go to the module dashboard at the URL below:
    • https://<your-application-base-url>?ssoaction=config
  • If the registration page or login page appears, you have successfully added the miniOrange SAML SSO module to your application.

  [Screenshot: module login page]
  • Register or log in to configure the module.

Step 2: Configure ADFS as Identity Provider

  • First, open the AD FS Management application on your ADFS server.
  [Screenshot: ADFS server]
  • In AD FS Management, select Relying Party Trusts, then click Add Relying Party Trust.

  [Screenshot: Add Relying Party Trust]
  • Select Claims Aware and click the Start button in the Add Relying Party Trust Wizard.

  [Screenshot: Claims Aware]
  • Select one of the following options for adding the Relying Party Trust:
    • Using Metadata URL (Import data about the relying party published online or on a local network): select this option to enter the metadata URL provided in the Service Provider section of the module.

    [Screenshot: Add Relying Party Trust, metadata URL]
    • Using Metadata XML file (Import data about the relying party from a file): select this option to upload the SP metadata file (XML) provided in the Service Provider section of the module.

    [Screenshot: Add Relying Party Trust, metadata XML file]
    • Using Manual configuration (Enter data about the relying party manually): select this option to enter the data manually, then click Next.

    [Screenshot: Add Relying Party Trust, manual configuration]
  • Enter a Display Name and click Next.
  • Select Enable support for the SAML 2.0 WebSSO protocol. Enter the ACS URL from the module's Service Provider Info tab. Click Next.

  [Screenshot: ACS URL]
  • Add the Entity ID from the module's Service Provider Settings section as the Relying party trust identifier.
  • Click the Add button and then click Next.

  [Screenshot: Entity ID]
  • Select Permit everyone as the Access Control Policy and click Next.

  [Screenshot: Access Control Policy, Permit everyone]
  • Click Next on the Ready to Add Trust page, then click Close.
  • The list of Relying Party Trusts is now visible. Select the application you just added and click Edit Claim Issuance Policy.

  [Screenshot: Edit Claim Issuance Policy]
  • Click the Add Rule button.

  [Screenshot: Add Rule]
  • Select Send LDAP Attributes as Claims and click Next.

  [Screenshot: Configure LDAP Attributes]
  • Enter the following details and click Finish:
    Claim rule name: Attributes
    Attribute Store: Active Directory
    LDAP Attribute: E-Mail-Addresses
    Outgoing Claim Type: Name ID
    [Screenshot: Add Transform Claim Rule]
  • Click Apply and then OK.
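The same relying party trust that Step 2 builds by clicking through the wizard can be created from the ADFS PowerShell module, which is easier to review and repeat. The script below is an added example, not code from the miniOrange documentation or module; the angle-bracket values (SP Entity ID, ACS URL, metadata URL) are placeholders to be copied from the module's Service Provider section, and the display name is assumed.

```powershell
# Added example (not from the miniOrange documentation): creates the relying party
# trust of Step 2 with the ADFS cmdlets. Run in an elevated PowerShell session on
# the ADFS server. Angle-bracket values are placeholders from the module's
# Service Provider section.
Import-Module ADFS

$rpName     = "ASP.NET SAML SP"               # Display Name (assumed) shown in the trust list
$spEntityId = "<sp-entity-id-from-module>"    # Entity ID = relying party trust identifier
$acsUrl     = "<acs-url-from-module>"         # ACS URL from the Service Provider Info tab

# Variant 1 (metadata URL, the wizard's first option): ADFS imports the SP metadata
# and re-reads it on a schedule, so SP certificate changes are picked up automatically.
# Add-AdfsRelyingPartyTrust -Name $rpName -MetadataUrl "<sp-metadata-url-from-module>" `
#     -MonitoringEnabled $true -AutoUpdateEnabled $true -AccessControlPolicyName "Permit everyone"
# Variant 2 (metadata XML file): replace -MetadataUrl with -MetadataFile "<path-to-sp-metadata.xml>".

# Variant 3 (manual configuration): SAML 2.0 WebSSO with the ACS endpoint and
# identifier entered by hand, as in the wizard's "Enable support for the SAML 2.0
# WebSSO protocol" page.
$acsEndpoint = New-AdfsSamlEndpoint -Binding POST -Protocol SAMLAssertionConsumer `
                   -Uri $acsUrl -Index 0 -IsDefault $true

# Claim issuance rule equivalent to the "Send LDAP Attributes as Claims" rule in
# Step 2: Active Directory attribute E-Mail-Addresses (LDAP "mail") issued as the
# outgoing Name ID.
$issuanceRules = @'
@RuleTemplate = "LdapClaims"
@RuleName = "Attributes"
c:[Type == "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer == "AD AUTHORITY"]
 => issue(store = "Active Directory", types = ("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"), query = ";mail;{0}", param = c.Value);
'@

# "Permit everyone" is the policy the guide selects; if only some AD users should
# reach the application, pick a group-scoped access control policy here instead.
Add-AdfsRelyingPartyTrust -Name $rpName `
    -Identifier $spEntityId `
    -SamlEndpoint $acsEndpoint `
    -IssuanceTransformRules $issuanceRules `
    -AccessControlPolicyName "Permit everyone"

# Check what ADFS recorded for the trust before running Test Configuration in the module.
Get-AdfsRelyingPartyTrust -Name $rpName |
    Select-Object Name, Identifier,
                  @{ n = 'ACS'; e = { $_.SamlEndpoints.Location } },
                  IssuanceTransformRules
```

Only one of the three variants should be run for a given trust; the metadata-based variants already carry the ACS endpoint and identifier, so only the claim rule and access control policy need to be set afterwards (for example with Set-AdfsRelyingPartyTrust).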

Step 3: Configure ASP.NET SAML Module as Service Provider

  • After configuring your Identity Provider, it will provide you with an IDP Entity ID, an IDP Single Sign-On URL and an X.509 certificate. Enter these values in the IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the metadata provided by the Identity Provider.)
  • Click Save to save your IDP details.
  [Screenshot: IdP settings]
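The three values Step 3 asks for all live in the ADFS federation metadata document, and reading them from there avoids copy-paste mistakes (pasting the encryption certificate instead of the signing one is a common error). The script below is an added example, not part of the miniOrange documentation or module; `<adfs-host>` is a placeholder for your ADFS hostname, and the standard ADFS metadata path is assumed.

```powershell
# Added example (not from the miniOrange documentation): reads the IDP Entity ID,
# Single Sign-On URL and X.509 signing certificate for Step 3 from the ADFS
# federation metadata. <adfs-host> is a placeholder for your ADFS hostname.
$adfsHost    = "<adfs-host>"
$metadataUrl = "https://$adfsHost/FederationMetadata/2007-06/FederationMetadata.xml"

# Fetch over HTTPS: the TLS certificate is what vouches that the metadata came from the IdP.
$md = New-Object System.Xml.XmlDocument
$md.Load($metadataUrl)

$ns = New-Object System.Xml.XmlNamespaceManager($md.NameTable)
$ns.AddNamespace("md", "urn:oasis:names:tc:SAML:2.0:metadata")
$ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#")

# IDP Entity ID: the entityID attribute of the root EntityDescriptor.
$idpEntityId = $md.DocumentElement.GetAttribute("entityID")

# Single Sign-On URL: the HTTP-Redirect SingleSignOnService endpoint of the IdP role.
$ssoUrl = $md.SelectSingleNode(
    "/md:EntityDescriptor/md:IDPSSODescriptor/md:SingleSignOnService[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect']/@Location",
    $ns).Value

# SAML X509 Certificate: the IdP's token-signing certificate (use="signing"), not the
# encryption certificate. During a certificate rollover ADFS publishes two signing
# entries; SelectSingleNode returns the first, so compare thumbprints below.
$certB64 = ($md.SelectSingleNode(
    "/md:EntityDescriptor/md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate",
    $ns).InnerText) -replace '\s', ''
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
    , [Convert]::FromBase64String($certB64))

# Re-wrap the base64 as a PEM block (64-character lines), the form most SP certificate fields take.
$pemLines = for ($i = 0; $i -lt $certB64.Length; $i += 64) {
    $certB64.Substring($i, [Math]::Min(64, $certB64.Length - $i))
}
$pem = "-----BEGIN CERTIFICATE-----`n" + ($pemLines -join "`n") + "`n-----END CERTIFICATE-----"

# When run on the ADFS server itself, confirm the metadata certificate is the
# primary token-signing certificate ADFS actually uses.
if (Get-Command Get-AdfsCertificate -ErrorAction SilentlyContinue) {
    $primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object IsPrimary
    if ($primary.Thumbprint -ne $cert.Thumbprint) {
        Write-Warning "Metadata signing certificate does not match the primary ADFS token-signing certificate."
    }
}
# ADFS rolls its token-signing certificate automatically; the module's stored
# certificate must be updated when that happens or assertions will fail validation.
if ($cert.NotAfter -lt (Get-Date).AddDays(30)) {
    Write-Warning "Signing certificate expires $($cert.NotAfter); plan to refresh the IdP settings in the module."
}

[pscustomobject]@{
    'IDP Entity ID'         = $idpEntityId
    'Single Sign-On Url'    = $ssoUrl
    'Thumbprint'            = $cert.Thumbprint
    'NotAfter'              = $cert.NotAfter
    'SAML X509 Certificate' = $pem
} | Format-List
```

The printed fields map one to one onto the module's IDP Entity ID, Single Sign-On Url and SAML X509 Certificate inputs; keep the thumbprint so you can tell at a glance later whether ADFS has rolled its signing certificate.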

Step 4: Test Configuration

  • Click the Test Configuration button to test the configuration.
  [Screenshot: Test Configuration]

Step 5: Attribute Mapping

  • After testing the configuration, map your application attributes to the Identity Provider (IdP) attributes.
  • Note: All mapped attributes are stored in the session so that you can access them in your application.
  [Screenshot: Attribute Mapping]

Step 6: Integration Code

  • You can also find the integration code in the Integration Code tab of the module. Copy and paste that code snippet wherever you want to access the user attributes.
  • Note: All mapped attributes are stored in the session so that you can access them in your application.
  [Screenshot: Integration Code]

Step 7: Login Settings

  • Use the following URL as a link in your application wherever you want to start SSO:
  • https://<your-application-base-url>/?ssoaction=login
  • For example, you can use it as:
  • <a href="https://<your-application-base-url>/?ssoaction=login">Login</a>

Step 8: Logout Settings

  • Use the following URL as a link in your application wherever you want to start Single Logout (SLO):
  • https://<your-application-base-url>/?ssoaction=logout
  • For example, you can use it as:
  • <a href="https://<your-application-base-url>/?ssoaction=logout">Logout</a>

You can configure the ASP.NET SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecurID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2, or even your own custom identity provider.
