The ASP.NET SAML SP Single Sign-On (SSO) module lets you enable SAML Single Sign-On for your ASP.NET applications, so users need only one password to access your ASP.NET application and services. The module is compatible with all SAML-compliant Identity Providers. Here we go through a step-by-step guide to configuring Single Sign-On (SSO) between ASP.NET and ADFS, with ADFS acting as the IdP.
Download And Extract Package
- Download miniOrange ASP.NET SAML 2.0 Module.
- To set up the module, extract asp-net-saml-sso-module-xxx.zip. You will find a DLL file miniorange-saml-sso.dll, a configuration file saml.config and an integration.md file that contains the steps for adding the module to your application.
Step 1: Add module in your application
- Add miniorange-saml-sso.dll in the bin folder (where your other DLL files exist) for your application.
- Register the miniorangesamlsso module in your application according to the steps provided in the integration.md file.
- Add the provided configuration file saml.config in the root directory for your application.
- After integration, open a browser and browse to the module dashboard at the URL below:
https://<your-application-base-url>?ssoaction=config
- If the registration page or login page appears, you have successfully added the miniOrange SAML SSO module to your application.
- Register or log in to configure the module.
Step 2: Configure ADFS as Identity Provider
- First, search for the AD FS Management application on your ADFS server.
- After opening AD FS Management, select Relying Party Trusts and click Add Relying Party Trust.
- Select Claims Aware and click the Start button from the Relying Party Trust Wizard pop up.
- Select one of the following options for adding a Relying Party Trust:
- Using Metadata URL (Import data about the relying party published online or on the local network): select this option to enter the metadata URL provided in the Service Provider section of the module.
- Using Metadata XML file (Import data about the relying party from a file): select this option to upload the SP metadata file (XML) provided in the Service Provider section of the module.
- Using Manual configuration (Enter data about the relying party manually): select this option to enter the data manually, then click Next.
- Enter Display Name and click Next.
- Select Enable support for the SAML 2.0 WebSSO protocol. Enter the ACS URL from the module's Service Provider Info tab. Click Next.
- Add the Entity ID from the module's Service Provider Settings section as the Relying party trust identifier.
- Click on the Add button and then click Next.
- Select Permit everyone as the Access Control Policy and click Next.
- Click Next on the Ready to Add Trust page, then click Close.
- A list of Relying Party Trusts will be visible. Select the respective application and click Edit Claim Issuance Policy.
- Click on the Add Rule button.
- Select Send LDAP Attributes as Claims and click Next.
- Enter the following details and click on Finish.
Claim rule name: Attributes
Attribute Store: Active Directory
LDAP Attribute: E-Mail-Addresses
Outgoing Claim Type: Name ID
- Click Apply and then OK.
Step 3: Configure ASP.NET SAML Module as Service Provider
- After configuring your Identity Provider, it will provide you with an IDP Entity ID, an IDP Single Sign-On URL and an X.509 Certificate. Enter these values in the IDP Entity ID, Single Sign-On Url and SAML X509 Certificate fields respectively. (Refer to the metadata provided by the Identity Provider.)
- Click Save to save your IDP details.
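The three values this step asks for are all present in the IdP's SAML metadata (for ADFS, the FederationMetadata.xml it publishes). The following added example, which is not part of the miniOrange module and uses only the .NET base class library, pulls them out of a metadata document so they can be pasted into the fields above, and sanity-checks the certificate before you trust it. The sample metadata and hostname adfs.example.test are constructed for this example, the certificate bodies are placeholders, and the choice of the HTTP-Redirect SingleSignOnService endpoint as the "Single Sign-On Url" is an assumption.

```csharp
// Added example (not part of the miniOrange module): read the IDP Entity ID,
// Single Sign-On URL and signing certificate from SAML 2.0 IdP metadata.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Xml.Linq;

public sealed class IdpSettings
{
    public string EntityId { get; set; }
    public string SingleSignOnUrl { get; set; }
    public string SigningCertificateBase64 { get; set; }
}

public static class IdpMetadataReader
{
    static readonly XNamespace Md = "urn:oasis:names:tc:SAML:2.0:metadata";
    static readonly XNamespace Ds = "http://www.w3.org/2000/09/xmldsig#";
    const string RedirectBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect";

    public static IdpSettings Read(string metadataXml)
    {
        var doc = XDocument.Parse(metadataXml);
        // ADFS publishes EntityDescriptor at the root; some IdPs wrap it in EntitiesDescriptor.
        var entity = doc.Descendants(Md + "EntityDescriptor").FirstOrDefault()
            ?? throw new InvalidOperationException("No EntityDescriptor in metadata");
        var idp = entity.Element(Md + "IDPSSODescriptor")
            ?? throw new InvalidOperationException("No IDPSSODescriptor (is this SP metadata?)");

        // Assumption: the module's "Single Sign-On Url" field takes the HTTP-Redirect endpoint.
        var sso = idp.Elements(Md + "SingleSignOnService")
            .FirstOrDefault(e => (string)e.Attribute("Binding") == RedirectBinding)
            ?? throw new InvalidOperationException("No HTTP-Redirect SingleSignOnService endpoint");

        // Only the signing key is used to verify SAML responses; ADFS also lists an encryption key.
        // A KeyDescriptor without a "use" attribute may be used for both, so keep it too.
        var signingCert = idp.Elements(Md + "KeyDescriptor")
            .Where(k => (string)k.Attribute("use") != "encryption")
            .Select(k => k.Descendants(Ds + "X509Certificate").FirstOrDefault())
            .FirstOrDefault(c => c != null)
            ?? throw new InvalidOperationException("No signing X509Certificate in metadata");

        return new IdpSettings
        {
            EntityId = (string)entity.Attribute("entityID"),
            SingleSignOnUrl = (string)sso.Attribute("Location"),
            // Metadata often wraps the base64 across lines; strip whitespace before pasting it.
            SigningCertificateBase64 = string.Concat(signingCert.Value.Where(ch => !char.IsWhiteSpace(ch))),
        };
    }

    // Check that the certificate parses and note its expiry: an expired or wrong signing
    // certificate is the most common reason a SAML response fails validation at the SP.
    public static string DescribeCertificate(string base64)
    {
        try
        {
            var cert = new X509Certificate2(Convert.FromBase64String(base64));
            return $"{cert.Subject}, thumbprint {cert.Thumbprint}, valid until {cert.NotAfter:u}";
        }
        catch (Exception ex) when (ex is FormatException || ex is CryptographicException)
        {
            return "certificate could not be parsed: " + ex.Message;
        }
    }
}

public static class Program
{
    // Constructed sample shaped like a trimmed ADFS FederationMetadata.xml.
    // The X509Certificate values are base64 placeholders, not real certificates.
    const string SampleMetadata = @"<EntityDescriptor xmlns=""urn:oasis:names:tc:SAML:2.0:metadata"" entityID=""http://adfs.example.test/adfs/services/trust"">
  <IDPSSODescriptor protocolSupportEnumeration=""urn:oasis:names:tc:SAML:2.0:protocol"">
    <KeyDescriptor use=""encryption""><KeyInfo xmlns=""http://www.w3.org/2000/09/xmldsig#""><X509Data><X509Certificate>ZW5jcnlwdGlvbi1wbGFjZWhvbGRlcg==</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <KeyDescriptor use=""signing""><KeyInfo xmlns=""http://www.w3.org/2000/09/xmldsig#""><X509Data><X509Certificate>c2lnbmluZy1wbGFjZWhvbGRlcg==</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"" Location=""https://adfs.example.test/adfs/ls/"" />
    <SingleSignOnService Binding=""urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"" Location=""https://adfs.example.test/adfs/ls/"" />
  </IDPSSODescriptor>
</EntityDescriptor>";

    public static void Main()
    {
        var settings = IdpMetadataReader.Read(SampleMetadata);
        Console.WriteLine("IDP Entity ID:      " + settings.EntityId);
        Console.WriteLine("Single Sign-On Url: " + settings.SingleSignOnUrl);
        Console.WriteLine("Signing cert:       " + IdpMetadataReader.DescribeCertificate(settings.SigningCertificateBase64));
    }
}
```

With the placeholder sample the certificate check reports that it could not be parsed, which is the expected outcome; with real ADFS metadata it prints the subject, thumbprint and expiry, which you can compare against the certificate shown in the AD FS Management console before saving the IDP details. Compare the Entity ID against what the IdP actually reports in its metadata rather than typing it from memory, because the module will reject assertions whose Issuer does not match this value exactly.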
Step 4: Test Configuration
- Click on the Test Configuration button to test the configuration.
Step 5: Attribute Mapping
- After testing the configuration, map your application attributes to the Identity Provider (IdP) attributes.
- Note: All mapped attributes are stored in the session so that you can access them in your application.
Step 6: Integration Code
- You can also find the integration code in the Integration Code tab of the module. Copy and paste that code snippet wherever you want to access the user attributes.
Step 7: Login Settings
- Use the following URL as a link in your application wherever you want to start SSO:
https://<your-application-base-url>/?ssoaction=login
- For example, you can use it as:
<a href="https://<your-application-base-url>/?ssoaction=login">Login</a>
Step 8: Logout Settings
- Use the following URL as a link in your application wherever you want to start SLO (Single Logout):
https://<your-application-base-url>/?ssoaction=logout
- For example, you can use it as:
<a href="https://<your-application-base-url>/?ssoaction=logout">Logout</a>
You can configure the ASP.NET SAML 2.0 Single Sign-On (SSO) module with any Identity Provider such as ADFS, Bitium, Centrify, G Suite, JBoss Keycloak, Okta, OneLogin, Salesforce, AWS Cognito, OpenAM, Oracle, PingFederate, PingOne, RSA SecurID, Shibboleth-2, Shibboleth-3, SimpleSAML, WSO2, or even with your own custom identity provider.