• Loading...
ComponentPro UltimateSaml

SP-Initiated Web Applications

Language Filter: AllSend comments on this topic to ComponentPro

Single Sign-On Introduction

In this SP-Initiated SSO scenario, a user browses to the SP site and attempts to access a protected resource on the SP site. If the user is not logged in, the SP asks the user to log in at the IdP site. When the authentication is complete, the user is redirected back to the SP.

Processing Steps:

  1. A user request access to a protected resource on the SP site. If the user is not logged in, SP redirects him or her to the IdP to handle authentication. SP also sends an authentication request to the IdP site.
  2. The user presents his or her credentials to log in at the IdP.
  3. If the user credentials are correct, IdP sends a SAML response containing the authentication assertion and any attributes back to the SP site.
  4. The SP validates the message. If the signature and assertion are valid, the SP uses the information in the SAML Response to perform an automatic login.

Single Logout Introduction

In this SP-Initiated SLO scenario, a user clicks on a link on the SP site to log out of the current SP site, the IdP site, and all the other participating SP sites.

Service Provider Example Web Application

After successfully installing the UltimateSaml setup package you will see two web sample projects in folder Samples\Saml\Web\CS\Saml2SPInitiated for C# and Samples\Saml\Web\VB\Saml2SPInitiated for VB.NET. To run these web sample projects, open the solution file Saml2SPInitiated_XXXX.sln, and then press F5 in the Visual Studio IDE.

This sample is configured to run on port 1426 (you can easily change the port number in the project property page). The identity provider web application, in conjunction with Service Provider web application, demonstrates IdP initiated single sign-on. Firstly, you can either login to the local system with the username suser and a password of password or follow the steps below:

SPInit

  1. Select the binding to use when communicating between the Service Provider web application and Identity Provider web application.
  2. Select the binding to use when communicating between the Identity Provider web application and Service Provider web application.
  3. Click on the Next button.
  4. You should then be presented with the Identity Provider login page as you will be logging in at the Identity Provider web application, not the Service Provider web application
    IdpLogin
  5. Login using the username iuser and a password of password.
  6. You should then be presented with the Service Provider's home page
    SPloggedin

You have successfully completed a SAML 2.0 Single Sign-On and are logged in at the Service Provider with your Identity Provider username.

NOTE for step 1 and 2: The user experience should be the same regardless of the binding selected. The only time when this is not the case is if the HTTP POST binding is selected and Javascript is disabled in which case the user will be presented with an intermediate form and a button they need to click.

How to configure?

You can easily configure the Service Provider web application by modifying the settings within its web.config file's <appSettings> section:

Identity Provider Example Web Application

This sample is configured to run on port 1425 (you can easily change the port number in the project property page). The identity provider web application, in conjunction with Service Provider web application, demonstrates IdP initiated single sign-on. You can login to the local system with the username iuser and a password of password.

How to configure?

You can easily configure the ID Provider web application by modifying the settings within its web.config file's <appSettings> section: