
I'm trying to implement SAML authentication in .NET Core 3.1. I'm using the sample project TestWebAppCore from this official repo.

I have the values below and I need to adapt the sample project considering Azure AD as an Identity Provider:

  • Login URL
  • Azure AD Identifier
  • Logout URL
  • I also have a .xml and a .cer file.

My questions are:

  • Is the Login URL the configuration value SingleSignOnDestination?
  • Is the Logout URL the configuration value SingleLogoutDestination?
  • Is the Azure AD Identifier the configuration value IdPMetadata?
  • Can I remove the code that refers to SigningCertificatePassword (.pfx file) and add a reference to my .cer file instead?
  • Do I need to use the .xml file? Where?


If you integrate with an Azure AD Enterprise Application, I think you should use the Enterprise Application's metadata (config parameter IdPMetadata) to configure ITfoxtec Identity SAML 2.0 in the .NET application.

  • SingleSignOnDestination is the Azure AD Enterprise Application login endpoint.
  • SingleLogoutDestination: as I remember, an Azure AD Enterprise Application does not support SAML 2.0 logout.
  • AllowedIssuer is the Azure AD Enterprise Application issuer.
  • SigningCertificate needs to contain a certificate with both the public and the private key, like a .pfx. A .cer only contains the public key.
Anders Revsgaard
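The following is an added example (not code from the question, the answer, or the ITfoxtec TestWebAppCore sample) showing how the four values from the Azure AD Enterprise Application map onto a `Saml2Configuration` in `Startup.ConfigureServices` of an ASP.NET Core 3.1 app. It follows the pattern the answer describes: point `IdPMetadata` at the Azure AD "App Federation Metadata Url" and derive `SingleSignOnDestination`, `AllowedIssuer` and the IdP signing certificate(s) from the metadata instead of typing them in by hand. Assumptions: an `appsettings.json` section named `Saml2` with the keys shown in the comment (the tenant and app identifiers in the metadata URL are placeholders), the `.pfx` path is relative to the working directory, and the ITfoxtec.Identity.Saml2 / ITfoxtec.Identity.Saml2.MvcCore packages are referenced. The `.cer` you downloaded is the IdP's signing certificate; it is the same certificate carried inside the metadata and ends up in `SignatureValidationCertificates`, not in `SigningCertificate`, which must be your own SP key pair.

```csharp
// Added example (not from the question, the answer, or the ITfoxtec sample project).
// Assumed appsettings.json section:
// "Saml2": {
//   "Issuer": "https://your-app.example.com",                 // your SP entity ID (placeholder)
//   "SigningCertificateFile": "sp-signing.pfx",               // SP key pair, .pfx with private key
//   "SigningCertificatePassword": "<pfx-password>",
//   "IdPMetadata": "https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml?appid=<app-id>",
//   "RevocationMode": "NoCheck"
// }
using System;
using System.Linq;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore.Configuration;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;
using ITfoxtec.Identity.Saml2.Util;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;

    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Bind the static values (Issuer, certificate file, metadata URL) from appsettings.json.
        services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));

        services.Configure<Saml2Configuration>(saml2Configuration =>
        {
            // SigningCertificate is the SP's own key pair and must include the private key (.pfx).
            // The Azure AD .cer cannot be used here: it has no private key and belongs to the IdP.
            saml2Configuration.SigningCertificate = CertificateUtil.Load(
                Configuration["Saml2:SigningCertificateFile"],
                Configuration["Saml2:SigningCertificatePassword"]);

            // Only accept assertions whose Audience is this SP.
            saml2Configuration.AllowedAudienceUris.Add(saml2Configuration.Issuer);

            // IdPMetadata: the Azure AD federation metadata document. Everything below is read from it,
            // so the "Login URL", "Azure AD Identifier" and IdP certificate never have to be hand-copied.
            var entityDescriptor = new EntityDescriptor();
            entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
            if (entityDescriptor.IdPSsoDescriptor == null)
            {
                throw new Exception("IdPSsoDescriptor not loaded from metadata.");
            }

            // "Azure AD Identifier" is the IdP entityID. Pinning AllowedIssuer rejects responses
            // that carry a different <Issuer>, even if they were signed with a trusted certificate.
            saml2Configuration.AllowedIssuer = entityDescriptor.EntityId;

            // "Login URL" is the SingleSignOnDestination (where the AuthnRequest is sent).
            saml2Configuration.SingleSignOnDestination =
                entityDescriptor.IdPSsoDescriptor.SingleSignOnServices.First().Location;

            // "Logout URL" is the SingleLogoutDestination. Set it only if the metadata advertises one,
            // so the app does not fail to start when the IdP does not offer SAML logout.
            var singleLogoutService = entityDescriptor.IdPSsoDescriptor.SingleLogoutServices.FirstOrDefault();
            if (singleLogoutService != null)
            {
                saml2Configuration.SingleLogoutDestination = singleLogoutService.Location;
            }

            // The IdP signing certificate(s) from the metadata (the same certificate as the downloaded .cer)
            // are used to validate the signature on the SAML response / assertion.
            saml2Configuration.SignatureValidationCertificates.AddRange(
                entityDescriptor.IdPSsoDescriptor.SigningCertificates);
        });

        services.AddSaml2();
        services.AddControllersWithViews();
    }
}
```

With this wiring the downloaded `.xml` file is not needed at runtime, because the same document is fetched from the `IdPMetadata` URL at startup; keep it as a reference copy of what Azure AD published. The `.pfx` for `SigningCertificate` is something you create for the SP (for example with `openssl` or `New-SelfSignedCertificate` exported with its private key) and upload to the Enterprise Application if you want Azure AD to verify signed requests.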