SP-Initiated Web Applications

Single Sign-On Introduction

In this SP-Initiated SSO scenario, a user browses to the SP site and attempts to access a protected resource on the SP site. If the user is not logged in, the SP asks the user to log in at the IdP site. When the authentication is complete the user is redirected back to the SP.

Processing Steps:

  1. A user requests access to a protected resource on the SP site. If the user is not logged in, the SP redirects him or her to the IdP to handle authentication and sends an authentication request to the IdP site.
  2. The user presents his or her credentials to log in at the IdP.
  3. If the user credentials are correct, the IdP sends a SAML response containing the authentication assertion and any attributes back to the SP site.
  4. The SP validates the message. If the signature and the assertion are valid, the SP uses the information in the SAML Response to perform an automatic login.
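The SP-side checks behind steps 1 and 4, as an added example (not UltimateSaml sample code): the SP records the ID of each AuthnRequest it issues and, after the XML signature on the Response has been verified by the library, checks InResponseTo, Destination, Status, Issuer, the validity window, the Audience and the SubjectConfirmationData before trusting the NameID. The entity IDs are built from the sample ports and the ACS path is a hypothetical placeholder; the Response XML is constructed.

```python
import uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed values using the sample ports; the ACS path is a hypothetical placeholder.
SP_ENTITY_ID, IDP_ENTITY_ID = "http://localhost:1426/", "http://localhost:1425/"
ACS_URL = "http://localhost:1426/AssertionConsumerService.aspx"
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
CLOCK_SKEW = timedelta(minutes=1)
_ts = lambda v: datetime.fromisoformat(v.replace("Z", "+00:00"))  # SAML UTC timestamp -> datetime

def build_authn_request(pending_ids, now):
    """Step 1: the SP issues an AuthnRequest and records its ID to correlate the Response."""
    req_id = "_" + uuid.uuid4().hex
    pending_ids.add(req_id)
    return req_id, (f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
                    f'ID="{req_id}" Version="2.0" IssueInstant="{now.isoformat()}" '
                    f'AssertionConsumerServiceURL="{ACS_URL}"><saml:Issuer>{SP_ENTITY_ID}'
                    f'</saml:Issuer></samlp:AuthnRequest>')

def validate_response(response_xml, pending_ids, now):
    """Step 4 assertion checks, run only after the XML signature verified. Returns (ok, reason, name_id)."""
    root = ET.fromstring(response_xml)
    if root.tag != f'{{{NS["samlp"]}}}Response' or root.get("Destination") != ACS_URL:
        return False, "not a Response for this ACS URL", None
    # Correlate to an outstanding request and consume the ID so a replayed Response is refused.
    req_id = root.get("InResponseTo")
    if req_id not in pending_ids:
        return False, "unsolicited or replayed InResponseTo", None
    pending_ids.discard(req_id)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        return False, "status not Success", None
    assertion = root.find("saml:Assertion", NS)
    if assertion is None or assertion.findtext("saml:Issuer", "", NS).strip() != IDP_ENTITY_ID:
        return False, "missing Assertion or unexpected Issuer", None
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not (_ts(cond.get("NotBefore")) - CLOCK_SKEW <= now
                            < _ts(cond.get("NotOnOrAfter")) + CLOCK_SKEW):
        return False, "assertion outside its validity window", None
    if SP_ENTITY_ID not in [a.text.strip() for a in
                            cond.findall("saml:AudienceRestriction/saml:Audience", NS)]:
        return False, "assertion not addressed to this SP", None
    scd = assertion.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != ACS_URL or scd.get("InResponseTo") != req_id:
        return False, "SubjectConfirmationData mismatch", None
    return True, "ok", assertion.findtext("saml:Subject/saml:NameID", None, NS)
```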

Single Logout Introduction

In this SP-Initiated SLO scenario, a user clicks on a link at the SP site to log out of the current SP site, the IdP site and all the other participating SP sites.

Service Provider Example Web Application

After successfully installing the UltimateSaml setup package you will see two web sample projects, in the folder Samples\Saml\Web\CS\Saml2SPInitiated for C# and in Samples\Saml\Web\VB\Saml2SPInitiated for VB.NET. To run these web sample projects, open the solution file Saml2SPInitiated_XXXX.sln and then press F5 in the Visual Studio IDE.

This sample is configured to run at port 1426 (you can easily change the port number in the project property page). The Service Provider web application, in conjunction with the Identity Provider web application, demonstrates SP-initiated single sign-on. You can either log in to the local system with the user name suser and the password password, or follow the steps below:


  1. Select the binding to use when communicating between the Service Provider web application and Identity Provider web application.
  2. Select the binding to use when communicating between the Identity Provider web application and Service Provider web application.
  3. Click on the Next button.
  4. You should then be presented with the Identity Provider login page, as you will be logging in at the Identity Provider web application, not the Service Provider web application.

You have successfully completed a SAML 2.0 Single Sign-On and are logged in at the Service Provider with your Identity Provider user name.

NOTE for steps 1 and 2: The user experience should be the same regardless of the binding selected. The only exception is when the HTTP POST binding is selected and JavaScript is disabled, in which case the user will be presented with an intermediate form and a button they need to click.

How to configure?

You can easily configure the Service Provider web application by modifying the settings within its web.config file’s <appSettings> section:

Identity Provider Example Web Application

This sample is configured to run at port 1425 (you can easily change the port number in the project property page). The Identity Provider web application, in conjunction with the Service Provider web application, demonstrates SP-initiated single sign-on. You can log in to the local system with the user name iuser and the password password.

How to configure?

You can easily configure the Identity Provider web application by modifying the settings within its web.config file’s <appSettings> section:
