Forums, Documentation & Knowledge Base - ComponentSpace

SAML High-Level API


https://www.componentspace.com/forums/Topic45.aspx

By ComponentSpace - 2/21/2014

SAML Identity Provider APIs
The following APIs may be called when acting as an identity provider.

SAMLIdentityProvider.InitiateSSO
The InitiateSSO method sends a SAML response to the specified service provider as part of IdP-initiated SSO.
For example:
  
             SAMLIdentityProvider.InitiateSSO(
               Response,
               "testuser",
               new Dictionary<string, string>() {
                   { "membership-level", "platinum" },
                   { "membership-number", "12345678" } },
               null,
               null);

  
The Response is used to send the SAML response to the service provider via the browser.
The second parameter is the name of the user.
The third parameter is the user’s optional attribute names and values.
The fourth parameter is the target service provider URL or null if the default page should be displayed.
The fifth parameter is the partner service provider’s name or null if there’s only one configured partner service provider.

SAMLIdentityProvider.ReceiveSSO
The ReceiveSSO method receives an authn request from a service provider as part of SP-initiated SSO.
For example:
  
             SAMLIdentityProvider.ReceiveSSO(
               Request,
               out partnerSP);

  
The Request is used to receive the authn request.
The partnerSP receives the name of the service provider that sent the authn request.

SAMLIdentityProvider.SendSSO
The SendSSO method sends a SAML response to the service provider as part of SP-initiated SSO.
For example:
  
             SAMLIdentityProvider.SendSSO(
               Response,
               "testuser",
               new Dictionary<string, string>() {
                   { "membership-level", "platinum" },
                   { "membership-number", "12345678" } });

  
The Response is used to send the SAML response to the service provider via the browser.
The second parameter is the name of the user.
The third parameter is the user’s optional attribute names and values.

SAMLIdentityProvider.InitiateSLO
The InitiateSLO method sends a logout request to each service provider in session as part of IdP-initiated SLO.
For example:
  
             SAMLIdentityProvider.InitiateSLO(
               Response,
               null);

  
The Response is used to send the logout request to the service provider via the browser.
The second parameter is the logout reason or null if none.

SAMLIdentityProvider.ReceiveSLO
The ReceiveSLO method receives a logout request from a service provider as part of SP-initiated SLO or a logout response from a service provider as part of IdP-initiated SLO.
For example:
  
             SAMLIdentityProvider.ReceiveSLO(
               Request,
               Response,
               out isRequest,
               out hasCompleted,
               out logoutReason,
               out partnerSP);

  
The Request is used to receive the logout message.
The Response is used to send a logout message.
The isRequest receives the flag indicating whether a logout request or response has been received.
The hasCompleted receives the flag indicating whether the IdP-initiated SLO has completed.
The logoutReason receives the logout reason.
The partnerSP receives the name of the service provider that sent the logout message.

SAMLIdentityProvider.SendSLO
The SendSLO method sends a logout message to the service provider.
For example:
  
             SAMLIdentityProvider.SendSLO(
               Response,
               null);

  
The Response is used to send the logout message to the service provider via the browser.
The second parameter is the error message or null if none.

SAML Service Provider APIs
The following APIs may be called when acting as a service provider.

SAMLServiceProvider.InitiateSSO
The InitiateSSO method sends an authn request to the specified identity provider as part of SP-initiated SSO.
For example:
  
             SAMLServiceProvider.InitiateSSO(
               Response,
               null,
               null);

  
The Response object is used to send the authn request to the identity provider via the browser.
The second parameter is the relay state (e.g. target URL) or null if not required.
The third parameter is the partner identity provider’s name or null if there’s only one configured partner identity provider.

SAMLServiceProvider.ReceiveSSO
The ReceiveSSO method receives a SAML response from an identity provider as part of either IdP-initiated SSO or SP-initiated SSO.
For example:
  
             SAMLServiceProvider.ReceiveSSO(
               Request,
               out isInResponseTo,
               out partnerIdP,
               out userName,
               out attributes,
               out targetUrl);

  
The Request is used to receive the SAML response.
The isInResponseTo receives the flag indicating whether the SAML response is in response to an authn request (i.e. SP-initiated SSO) or not (i.e. IdP-initiated SSO).
The partnerIdP receives the name of the identity provider.
The userName receives the name of the user.
The attributes receives the user’s optional attribute names and values.
The targetUrl receives the target service provider URL or null if the default page should be displayed.

SAMLServiceProvider.InitiateSLO
The InitiateSLO method sends a logout request to the identity provider as part of SP-initiated SLO.
For example:
  
             SAMLServiceProvider.InitiateSLO(
               Response,
               null,
               null);

  
The Response is used to send the logout request to the service provider via the browser.
The second parameter is the logout reason or null if none.
The third parameter is the partner identity provider’s name or null if there’s only one configured partner identity provider.

SAMLServiceProvider.ReceiveSLO
The ReceiveSLO method receives a logout request from a service provider as part of SP-initiated SLO or a logout response from a service provider as part of IdP-initiated SLO.
For example:
  
             SAMLServiceProvider.ReceiveSLO(
               Request,
               out isRequest,
               out logoutReason,
               out partnerIdP);

  
The Request is used to receive the logout message.
The isRequest receives the flag indicating whether a logout request or response has been received.
The logoutReason receives the logout reason.
The partnerIdP receives the name of the identity provider that sent the logout message.

SAMLServiceProvider.SendSLO
The SendSLO method sends a logout message to the identity provider.
For example:
  
             SAMLServiceProvider.SendSLO(
               Response,
               null);

  
The Response is used to send the logout message to the identity provider via the browser.
The second parameter is the error message or null if none.

Configuration Management
The high-level API is configuration driven. The configuration is described at:
http://www.componentspace.com/Forums/37/SAML-Configuration
http://www.componentspace.com/Forums/38/Storing-the-SAML-Configuration-in-a-Database
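
Added example, not part of the original post and not ComponentSpace's own code: a service provider's assertion consumer endpoint that calls SAMLServiceProvider.ReceiveSSO as described above and then checks the returned values before signing the user in. The controller name, the TrustedIdPs value, the AllowIdPInitiated policy switch, the ASP.NET MVC and forms authentication hosting, and the out-parameter types are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Security;
using ComponentSpace.SAML2;

public class SamlController : Controller   // hypothetical controller name
{
    // Assumption: partner IdP names exactly as configured for this SP (placeholder value).
    private static readonly HashSet<string> TrustedIdPs =
        new HashSet<string>(StringComparer.Ordinal) { "urn:example:idp" };

    // Assumption: local policy switch; false rejects responses that answer no authn request.
    private static readonly bool AllowIdPInitiated = false;

    // Assertion consumer service: the browser delivers the IdP's SAML response here.
    [HttpPost]
    public ActionResult AssertionConsumerService()
    {
        bool isInResponseTo;
        string partnerIdP, userName, targetUrl;
        IDictionary<string, string> attributes;   // out-parameter types are assumed

        SAMLServiceProvider.ReceiveSSO(
            Request, out isInResponseTo, out partnerIdP,
            out userName, out attributes, out targetUrl);

        // Only sign in identities asserted by an expected partner.
        if (partnerIdP == null || !TrustedIdPs.Contains(partnerIdP)
            || string.IsNullOrWhiteSpace(userName))
            return new HttpStatusCodeResult(403);

        // IdP-initiated SSO arrives unsolicited; accept it only if policy allows.
        if (!isInResponseTo && !AllowIdPInitiated)
            return new HttpStatusCodeResult(403);

        // Attributes are optional, so never index the dictionary blindly.
        string level;
        if (attributes == null || !attributes.TryGetValue("membership-level", out level))
            level = "none";
        Session["membership-level"] = level;

        FormsAuthentication.SetAuthCookie(userName, false);

        // targetUrl travelled through the browser: follow it only when it is local.
        return Url.IsLocalUrl(targetUrl) ? Redirect(targetUrl) : Redirect("~/");
    }
}
```

Url.IsLocalUrl returns false for null, so a missing targetUrl falls through to the default page, matching the "null if the default page should be displayed" behaviour described for ReceiveSSO.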

By ComponentSpace - 6/3/2015

Currently we don't expose this information through the API. It's something we could look at adding though.
Please contact us at [email protected] mentioning this topic.