There isn't a direct correlation between the two APIs. They are functionally equivalent and there are similarities but it's not a direct one-to-one correlation. We don't have a migration guide for moving to the SAML low-level API for ASP.NET Core as the vast majority of developers will use the SAML high-level API.

The SAML high-level API is the recommended approach, if possible. The examples tie into ASP.NET Core's authentication model but there's no requirement to do this. You can use any authentication model you like. For example, our ExampleWebApi project translates a SAML assertion into a JWT for subsequent authorized web API calls.

I recommend first determining whether you actually have to use the SAML low-level API. If you do, you'll find the APIs under the ComponentSpace.Saml2.* namespaces. For example, the SamlResponse class is under ComponentSpace.Saml2.Protocols and SamlAssertion is under ComponentSpace.Saml2.Assertions.

All the APIs are documented in our Reference Guide.

https://www.componentspace.com/Forums/9357/Reference-Guide

Thank you so much for your response! It seems the version I had didn't have that test project but the newer ones I downloaded from the trial did. After some digging through the decompiled source I was able to find some pretty close .NET Core versions of the API.

For anyone curious, SAML.FromBase64String(samlBase64String); becomes,

    using System;
    using System.IO;
    using System.Text;
    using System.Xml;
    using ComponentSpace.Saml2.Protocols;

    // Decode the base64 SAMLResponse value received over the HTTP-POST binding.
    var receiveResult = new ReceiveResult() { Binding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" };
    receiveResult.Message = Encoding.UTF8.GetString(Convert.FromBase64String(samlBase64String));

    // Keep whitespace intact for signature verification; no resolver, DTDs ignored.
    var samlMessageXmlDocument = new XmlDocument() { PreserveWhitespace = true, XmlResolver = null };
    var settings = new XmlReaderSettings() { DtdProcessing = DtdProcessing.Ignore, XmlResolver = null };
    using (var reader = XmlReader.Create(new StringReader(receiveResult.Message), settings))
    {
        samlMessageXmlDocument.Load(reader);
    }
    var samlMessage = samlMessageXmlDocument.DocumentElement;
    var samlResponse = new SamlResponse(samlMessage);

SAMLValidator becomes,

    var samlValidator = new SamlSchemaValidator();
    var validated = samlValidator.Validate(samlMessage);

For asserting signed, inject IXmlSignature (make sure to do serviceCollection.AddSaml() for .NET Core)

    using ComponentSpace.Saml2.Assertions;

    var signedAssertion = samlResponse.GetSignedAssertion();
    var signedAssertionParsed = new SamlAssertion(signedAssertion);
    // Verify the assertion's signature against the public key taken from metadata.
    xmlSignatureService.Verify(signedAssertion, Startup.MetadataPublicKey.PublicKey.Key);

And you're right, at some point in the future this would probably be better converted over to entirely integrate with ASP.NET using ISamlServiceProvider, I just didn't have the time to look into it.
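
The decode-and-load step from the post above, as an added example that is not the poster's or ComponentSpace's code: it uses only .NET base class library types and shows how the DtdProcessing setting decides what happens to a message that carries a DOCTYPE. SamlXmlLoader, Load, Encode and the sample messages are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Text;
using System.Xml;

static class SamlXmlLoader
{
    // Hypothetical helper: decode an HTTP-POST SAMLResponse value and load it
    // with external resolution disabled, under the given DTD policy.
    public static XmlElement Load(string samlBase64String, DtdProcessing dtdPolicy)
    {
        var xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlBase64String));
        // PreserveWhitespace keeps the bytes that a later signature check depends on.
        var document = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        var settings = new XmlReaderSettings { DtdProcessing = dtdPolicy, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(xml), settings))
        {
            document.Load(reader);
        }
        return document.DocumentElement;
    }

    static string Encode(string xml) => Convert.ToBase64String(Encoding.UTF8.GetBytes(xml));

    static void Main()
    {
        // Constructed sample messages, not captured traffic.
        const string response =
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\" ID=\"_constructed\" Version=\"2.0\"/>";
        const string withDoctype = "<!DOCTYPE r [<!ENTITY e \"x\">]>" + response;

        // A well-formed message without a DOCTYPE loads under either policy.
        Console.WriteLine("plain, Prohibit: " + Load(Encode(response), DtdProcessing.Prohibit).LocalName);

        // Ignore: the DOCTYPE is skipped silently and the message still loads.
        Console.WriteLine("doctype, Ignore: " + Load(Encode(withDoctype), DtdProcessing.Ignore).LocalName);

        // Prohibit: a message carrying any DOCTYPE is rejected with an XmlException.
        try
        {
            Load(Encode(withDoctype), DtdProcessing.Prohibit);
            Console.WriteLine("doctype, Prohibit: loaded");
        }
        catch (XmlException ex)
        {
            Console.WriteLine("doctype, Prohibit: rejected (" + ex.Message + ")");
        }
    }
}
```

Neither setting resolves external entities here because XmlResolver is null; the difference is whether an unexpected DOCTYPE is dropped quietly or surfaces as an error that can be logged.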