For the life of me I can't get the integration to work. The document states to use "AddSamlMiddleware" if you don't want to provide your own SAML controller. I tried that, but the configured "/SAML/SingleSignOnService" IdP endpoint returns a 404. I tried providing the sample SamlController.cs from the integration docs and removing AddSamlMiddleware, but then it complained that no middleware was registered for SAML. I tried including both, but still no go. Compounding the difficulty is that you have no full working sample, just incomplete snippets. The document even links to a snippet of the SamlController.cs for the IdP but leads to a snippet of the startup class instead. Also, the standard startup class has changed and it's not clear in which order the UseSaml and app.Use statements belong. Could you verify this integration works and, if possible, provide a sample project? Thank you.

Edit: Adding the following attributes to the controller helped move forward, but I would still like info on whether SamlController is required if just using AddSamlMiddleware:

    [ApiController]
    [Route("[controller]/[action]")]

Edit 2: As a secondary question, how do I get the email of the user into the returned SAML claims? Normally in IdentityServer4 this is configured in the client's scopes, but it's not clear how to do that with the CS SAML component since there's no client configured for it.

Edit 3: Using the IdentityServer4 Quickstart I added the email claim manually in SamlController like this. Is this the right approach?

    private readonly TestUserStore _users;

Added the following bolded items to the constructor of SamlController:

    public SamlController(
        ISamlIdentityProvider samlIdentityProvider,
        IIdentityServerInteractionService identityServerInteractionService,
        IMessageStore<LogoutMessage> logoutMessageStore,
        TestUserStore users = null)
    {
        _samlIdentityProvider = samlIdentityProvider;
        _identityServerInteractionService = identityServerInteractionService;
        _logoutMessageStore = logoutMessageStore;

        // if the TestUserStore is not in DI, then we'll just use the global users collection
        // this is where you would plug in your own custom identity management library (e.g. ASP.NET Identity)
        _users = users ?? new TestUserStore(TestUsers.Users);
    }

Then in the "CompleteSsoAsync" method I added:

    var user = _users.FindByUsername(userName);
    var emailClaim = user?.Claims.FirstOrDefault(c => c.Type == "email");

    // only emit the attribute when the user actually has an email claim,
    // otherwise emailClaim.Value would throw a NullReferenceException
    if (emailClaim != null)
    {
        attributes.Add(new SamlAttribute(ClaimTypes.Email, emailClaim.Value));
    }