
I am trying to follow the article below for a SAML implementation, and I am very new to .NET Core and SAML: https://developer.okta.com/blog/2020/10/23/how-to-authenticate-with-saml-in-aspnet-core-and-csharp

When I added the code into AuthController.cs, I got an error for the Login method. In the code below, Url.Content gives the error 'The name url does not exist in current context'. Also, the using directive 'using Okta_SAML_Example.Identity;' gives an error about the assembly, as it is not there.

```csharp
var binding = new Saml2RedirectBinding();
binding.SetRelayStateQuery(new Dictionary<string, string> { { relayStateReturnUrl, returnUrl ?? Url.Content("~/") } });
```

To set the context: my IdP will be an internal organization IdP [it will be configured by a different team in the org, and for now they want me to provide the attributes I want in the response], so where exactly in the code is it referred to? I don't see an IdP reference URL in the code or in the XML sample either. Please help me, as I need guidance at the earliest.

Girish G

1 Answer


I'm in doubt as to why you are seeing the error; it is not an error I have experienced. You can try to download the ITfoxtec.Identity SAML 2.0 code and run the TestIdPCore and TestWebAppCore samples in the test folder.

The library documentation.

The IdP can be configured in the appsettings.json file; here is an example from the TestWebAppCore sample. The easiest way is to configure the IdP metadata, which will establish the trust without further configuration.

Anders Revsgaard
  • Hello Anders, many thanks for your reply. I worked on it again and found the issue was with placing the .cs file under a folder structure instead of the root. Now it's solved. Regarding IdP metadata, as per your suggestion, if I don't have any IdP server/infra ready, then can I use the "https://localhost:44305/metadata" controller code, which will be treated as the IdP server that is going to send some response? Many thanks in advance!! – Girish G Apr 12 '21 at 06:50
  • My appsettings.json file: { "Logging": { "LogLevel": { "Default": "Information", "Microsoft": "Warning", "Microsoft.Hosting.Lifetime": "Information" } }, "Saml2": { "IdPMetadata": "https://localhost:5001/metadata", "Issuer": "Okta_SAML_Example", //"SignatureAlgorithm": "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", "CertificateValidationMode": "None", //"ChainTrust", "RevocationMode": "NoCheck" }, "AllowedHosts": "*" } – Girish G Apr 12 '21 at 07:19
  • Yes, "https://localhost:44305/metadata" is the sample IdP metadata. The TestWebAppCore sample exposes metadata ("https://localhost:44306/metadata") which can be consumed by the IdP, and thereby the IdP has all the details about the relying party (your application). – Anders Revsgaard Apr 12 '21 at 07:39
  • Somehow I am unable to build the TestWebAppCore project locally. My Okta sample code is in a built state, but when I try to click login, I get the error 'This localhost page can’t be found' under the URL 'http://localhost:1068/Auth/Login'. This means the controller is not getting called and it's not redirecting me to the IdP URL. – Girish G Apr 12 '21 at 18:37
  • My overall confusion is: 1) what is this metadata going to do? Is this the response from the IdP server which my code should read? 2) Where do we configure the IdP details/URL in my code which will redirect me to my organization's IdP server to set the user context? I want to use Windows auth, which is not possible on AWS, and AD integration is not allowed. I want my org IdP to return more details about the logged-in user, like his emp id/login id, AD groups etc. Sorry, bit confused. – Girish G Apr 12 '21 at 18:37
  • Finally I am able to reach the login controller. Somehow I am getting the error System.Net.WebException: 'No connection could be made because the target machine actively refused it. No connection could be made because the target machine actively refused it.' for the line entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"])); my appsetting is "IdPMetadata": "http://localhost:1608/metadata" [the metadata controller is part of my own application]. – Girish G Apr 13 '21 at 12:53
  • Maybe the URL is "localhost:1068/metadata"? You can try to call it directly in the browser. – Anders Revsgaard Apr 13 '21 at 12:57
  • I call it directly and it goes directly to the line with the error. Line: entityDescriptor.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"])); and error: System.Net.WebException: 'No connection could be made because the target machine actively refused it. No connection could be made because the target machine actively refused it.' ... Is it going to some other URL which is not authorized for access from our organization? – Girish G Apr 13 '21 at 14:55
  • Further update: now when I call https://localhost:44306/metadata from the TestWebAppCore sample application, I am getting an error at constructor level, i.e. on config = configAccessor.Value; and the error is System.Net.WebException: 'An exception occurred during a WebClient request.' ... any idea what could be going wrong? – Girish G Apr 13 '21 at 17:43
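How the answer's IdPMetadata setting becomes trust at runtime, as an added example (not code from the question, the Okta post, or the ITfoxtec samples): a Startup.ConfigureServices that reads the IdP metadata and refuses to continue if it carries no IdP descriptor or no signing certificate. It assumes the ITfoxtec.Identity.Saml2 and ITfoxtec.Identity.Saml2.MvcCore NuGet packages and an appsettings.json "Saml2" section with "Issuer" and "IdPMetadata" as in the comment thread; the URL must be the IdP's own metadata (the running TestIdPCore sample, or the organisation's IdP), since the application's /metadata endpoint describes the relying party and contains no IdP descriptor.

```csharp
using System;
using System.Linq;
using ITfoxtec.Identity.Saml2;
using ITfoxtec.Identity.Saml2.MvcCore.Configuration;
using ITfoxtec.Identity.Saml2.Schemas.Metadata;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public Startup(IConfiguration configuration) => Configuration = configuration;
    public IConfiguration Configuration { get; }

    public void ConfigureServices(IServiceCollection services)
    {
        // Bind the "Saml2" section: "Issuer" is this relying party's entity ID,
        // "IdPMetadata" is the IdP's metadata URL (TestIdPCore: https://localhost:44305/metadata).
        services.Configure<Saml2Configuration>(Configuration.GetSection("Saml2"));

        // Runs lazily, on first access of IOptions<Saml2Configuration>.Value
        // (the controller constructor in the samples), so the IdP must be reachable then.
        services.Configure<Saml2Configuration>(saml2 =>
        {
            // Only accept assertions whose Audience is this relying party.
            saml2.AllowedAudienceUris.Add(saml2.Issuer);

            // Trust comes from the IdP metadata: SSO/SLO endpoints plus the
            // certificates that must have signed every response and assertion.
            var idp = new EntityDescriptor();
            idp.ReadIdPSsoDescriptorFromUrl(new Uri(Configuration["Saml2:IdPMetadata"]));
            if (idp.IdPSsoDescriptor == null)
                throw new InvalidOperationException(
                    "No IDPSSODescriptor in metadata; is IdPMetadata pointing at your own /metadata?");

            saml2.SingleSignOnDestination = idp.IdPSsoDescriptor.SingleSignOnServices.First().Location;
            saml2.SingleLogoutDestination = idp.IdPSsoDescriptor.SingleLogoutServices.FirstOrDefault()?.Location;
            saml2.SignatureValidationCertificates.AddRange(idp.IdPSsoDescriptor.SigningCertificates);

            if (!saml2.SignatureValidationCertificates.Any())
                throw new InvalidOperationException("IdP metadata carries no signing certificate.");

            // "CertificateValidationMode": "None" / "RevocationMode": "NoCheck" from the
            // comment thread suit the local sample IdP only; for the organisation IdP
            // set "ChainTrust" in appsettings.json so an arbitrary self-issued cert is rejected.
        });

        services.AddSaml2();
        services.AddControllersWithViews();
    }
}
```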