
We are about to implement support for SAML 2.0 in our company and we have been going through a long list of libraries (from Wikipedia) that would allow us to implement such identification for our systems more practically (us being the Service Provider).

I recently found out that .NET 4.5 comes with native support for SAML 2.0 through WIF (Windows Identity Foundation). However, given the native support in .NET, should we consider using a popular third-party library such as ComponentSpace (or anything better, perhaps)? Are there any benefits in regards to ease of use, broader settings, flexibility or documentation?

GtEx

2 Answers

WIF doesn't support SAML (the protocol). It supports WS-Fed with SAML tokens. If you really want to go down the SAML (protocol) route, you need to use some other library like ComponentOne's.

TL;DR: WIF, at least theoretically, can do SAML-P too if you extend it. Microsoft wrote these extensions as a "preview" in 2011, but has not updated them since. You can do it too using the WIF extension model. Most people I know have better things to do, though :-).

In general, I would recommend going with a lighter-weight, syntactically simpler protocol like OpenID Connect. There are plenty of easy-to-use libraries out there that are simpler to debug and troubleshoot.

Eugenio Pace

Have a look at SAML: SAML connectivity / toolkit and the links in it.

Having used ComponentSpace, it works and has a good selection of samples and the cost is pretty reasonable.

Obviously, commercial = support.

Not sure about your use case but you could possibly install ADFS and then go:

ASP.NET --> WS-Fed (WIF) --> ADFS --> SAML --> IP.

rbrayb
  • Yes, that works too. But it looks like a lot of plumbing :-) – Eugenio Pace Feb 02 '15 at 16:36
  • Possibly, but in my experience with a number of customers it's a whole lot easier than trying to get a SAML stack working if you've never done it before. – rbrayb Feb 02 '15 at 17:46
  • Yes. Completely agree. Or use Auth0 and you get the best of the two worlds :-). Can you ping me on email? I couldn't find a way to connect with you. http://stackoverflow.com/users/349524/eugenio-pace – Eugenio Pace Feb 03 '15 at 05:07
  • To flesh out @Eugenio's comment, I wrote this up: http://nzpcmad.blogspot.co.nz/2015/04/saml-net-application-talking-to-saml-idp.html – rbrayb Apr 12 '15 at 22:28
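The chain rbrayb describes (ASP.NET --> WS-Fed (WIF) --> ADFS --> SAML --> IdP) is configured entirely on the ADFS side: the external SAML 2.0 IdP becomes a claims provider trust and the WIF application becomes a WS-Federation relying party trust. The following script is an added example, not code from either answer or from the linked blog post; every name, realm and URL in it (`Partner SAML IdP`, `https://idp.example.org/saml2/metadata`, `https://app.example.com/`) is a placeholder to replace with your own values, and it assumes the ADFS PowerShell module on Windows Server 2012 R2 or later.

```powershell
# Added example (not from the original answers): configuring ADFS as the bridge
# in the chain  ASP.NET --> WS-Fed (WIF) --> ADFS --> SAML --> IdP.
# All names and URLs below are placeholders; substitute your own.
# Run in an elevated PowerShell session on the ADFS server.
Import-Module ADFS

$idpName  = 'Partner SAML IdP'                           # placeholder: the external SAML 2.0 IdP
$idpMeta  = 'https://idp.example.org/saml2/metadata'     # placeholder: its SAML metadata URL
$appName  = 'Intranet App (WS-Fed)'                      # placeholder: the ASP.NET/WIF relying party
$appRealm = 'https://app.example.com/'                   # the wtrealm WIF's web.config is configured with

# 1. Trust the external SAML IdP as a claims provider. ADFS reads the entity ID,
#    SSO endpoints and token-signing certificate from the metadata; monitoring and
#    auto-update keep a certificate rollover at the IdP from silently breaking sign-in.
#    Acceptance transform rules decide which incoming assertion attributes ADFS keeps;
#    anything not listed here is dropped, which is the least-privilege default.
$acceptRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through Name ID from the IdP"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Pass through e-mail from the IdP"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@

Add-AdfsClaimsProviderTrust -Name $idpName `
    -MetadataUrl $idpMeta `
    -MonitoringEnabled $true -AutoUpdateEnabled $true `
    -AcceptanceTransformRules $acceptRules

# 2. Register the ASP.NET application as a WS-Federation relying party.
#    WIF's web.config must use the same realm string as -Identifier (the audience
#    it validates) and the same URL as -WSFedEndpoint (where ADFS POSTs the token).
$issueRules = @'
@RuleTemplate = "PassThroughClaims"
@RuleName = "Send Name ID to the application"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"]
 => issue(claim = c);

@RuleTemplate = "PassThroughClaims"
@RuleName = "Send e-mail to the application"
c:[Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"]
 => issue(claim = c);
'@

# An explicit issuance authorization rule is required: with none, ADFS denies everyone.
$authRules = @'
@RuleTemplate = "AllowAllAuthzRule"
 => issue(Type = "http://schemas.microsoft.com/authorization/claims/permit", Value = "true");
'@

Add-AdfsRelyingPartyTrust -Name $appName `
    -Identifier $appRealm `
    -WSFedEndpoint $appRealm `
    -IssuanceTransformRules $issueRules `
    -IssuanceAuthorizationRules $authRules

# 3. Pin this relying party to the external IdP, so users skip the home-realm
#    discovery page and cannot choose Active Directory (or another IdP) instead.
Set-AdfsRelyingPartyTrust -TargetName $appName -ClaimsProviderName @($idpName)

# 4. Sanity check: both trusts exist and the IdP's signing certificate was imported.
Get-AdfsClaimsProviderTrust -Name $idpName |
    Select-Object Name, Identifier, MetadataUrl,
        @{ n = 'SigningCertThumbprints'; e = { $_.TokenSigningCertificates.Thumbprint } }
Get-AdfsRelyingPartyTrust -Name $appName |
    Select-Object Name, Identifier, WSFedEndpoint, ClaimsProviderName
```

The other half of the SAML leg is configured at the IdP, which needs ADFS registered as a SAML service provider; ADFS publishes its own SP metadata at `/FederationMetadata/2007-06/FederationMetadata.xml` on the federation service hostname, so the IdP administrator can import that rather than typing endpoints by hand. The application itself never sees SAML-P: WIF only has to validate the WS-Fed token ADFS issues, which is the point of rbrayb's suggestion.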