Using Kentor.AuthServices.StubIdp as an IDP Product

I am trying to implement an IDP server (SAML2) inside my application. I do not want any of my partners to ask our customers to register on their side, given the fact that my application has all the necessary data.

I am not very familiar with the SAML2 protocol. I found the Kentor.AuthServices.StubIdp project the most interesting because it implements everything I need. I also know that it is not designed for production purposes.

I planned to build an IDP on top of StubIdp because I cannot afford expensive solutions like ComponentPro.

Are there any better alternatives? Is building on top of StubIdp a good idea?

+5
1 answer

The SAML2 login can be done in two ways:

  • SP-initiated, where the SP sends an AuthnRequest to the Idp, and the Idp responds with a SamlResponse.
  • Idp-initiated, where the Idp sends an unsolicited SamlResponse.

Kentor.AuthServices (the library that manages StubIdp) contains everything you need for Idp-initiated logins. See the StubIdp source for how this is done.

SP-initiated login is more complicated, since the Idp has to do some validation on the incoming AuthnRequest. These checks are completely absent in the Stub Idp (that is the idea of a test environment). Implementing SP-initiated login is certainly possible, but it requires a lot more work.

+3
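An added example, not part of the original answer and not code from Kentor.AuthServices, of the kind of checks an Idp applies to an incoming AuthnRequest before responding in the SP-initiated flow. The class name, the URLs, the SP registry and the 5-minute freshness window are assumptions; verifying the signature of a signed request against the SP's registered certificate is a separate step.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Hypothetical helper for illustration; not a Kentor.AuthServices type.
public static class AuthnRequestChecks
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Assumed values: this IdP's SSO endpoint and the registered SPs (entity ID -> ACS URL).
    const string IdpSsoUrl = "https://idp.example.com/sso";
    static readonly Dictionary<string, string> KnownSps = new Dictionary<string, string>
        { { "https://sp.example.com/metadata", "https://sp.example.com/acs" } };

    // Returns null when the request is acceptable, otherwise the reason for rejecting it.
    public static string Validate(string xml, DateTime utcNow)
    {
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        XElement req;
        try { using (var reader = XmlReader.Create(new StringReader(xml), settings)) req = XDocument.Load(reader).Root; }
        catch (XmlException) { return "not well-formed XML, or it contains a DTD"; }
        if (req.Name != Samlp + "AuthnRequest") return "root element is not samlp:AuthnRequest";
        if (string.IsNullOrEmpty((string)req.Attribute("ID"))) return "missing ID";
        string acs;
        var issuer = (string)req.Element(Saml + "Issuer");
        if (issuer == null || !KnownSps.TryGetValue(issuer.Trim(), out acs)) return "unknown Issuer";
        // The response may only go to the ACS URL registered for this SP.
        var requestedAcs = (string)req.Attribute("AssertionConsumerServiceURL");
        if (requestedAcs != null && requestedAcs != acs) return "ACS URL is not registered for this SP";
        var destination = (string)req.Attribute("Destination");
        if (destination != null && destination != IdpSsoUrl) return "Destination is not this IdP";
        DateTime issued;
        var styles = DateTimeStyles.AssumeUniversal | DateTimeStyles.AdjustToUniversal;
        if (!DateTime.TryParse((string)req.Attribute("IssueInstant"), CultureInfo.InvariantCulture, styles, out issued)
            || Math.Abs((utcNow - issued).TotalMinutes) > 5) return "IssueInstant missing or outside the 5 minute window";
        return null;
    }

    // Constructed sample: a request from the registered SP that asks for the response at a foreign ACS URL.
    public static void Main()
    {
        var xml = "<samlp:AuthnRequest xmlns:samlp='urn:oasis:names:tc:SAML:2.0:protocol' "
            + "xmlns:saml='urn:oasis:names:tc:SAML:2.0:assertion' ID='_a1' IssueInstant='2024-01-01T12:00:00Z' "
            + "AssertionConsumerServiceURL='https://other.example.net/acs'>"
            + "<saml:Issuer>https://sp.example.com/metadata</saml:Issuer></samlp:AuthnRequest>";
        Console.WriteLine(Validate(xml, new DateTime(2024, 1, 1, 12, 1, 0, DateTimeKind.Utc)));
    }
}
```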

Source: https://habr.com/ru/post/1235832/

