ComponentSpace

Forums



Receiving Response from SAMLServiceProvider.ReceiveSSO


Receiving Response from SAMLServiceProvider.ReceiveSSO

Author
Message
s k
s k
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Forum Members
Posts: 8, Visits: 74
Is there a way to receive response on Identity provider from Service provider, after SAMLServiceProvider.ReceiveSSO is called.


ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Did you want access to the raw SAML response XML?

If so, may I ask why you need this access?

The SAML response XML is available through the SAML low-level API but it isn't exposed in the high-level API (SAMLServiceProvider.ReceiveSSO etc). Normally you don't require the details of the raw SAML response.




Regards
ComponentSpace Development
s k
s k
New Member
New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)New Member (15 reputation)

Group: Forum Members
Posts: 8, Visits: 74

Basically What happening is my application acts as IDP and we are calling API as SP. When we send attributes from IDP in SP it validates them and then send a reply with link to navigate to another website.
So my question was how to receive the response back from SP
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Sorry, I'm still a little confused.

Is this part of a browser-based SAML SSO flow?

The API call won't be part of the SAML SSO as API calls aren't defined in the SAML specification.

Does the API call happen after SSO completes?

Is the SP making an API call to the IdP or vice versa?

Are the SAML attributes to be included in the API call? If so, in what format?

Regards
ComponentSpace Development
thinktime
thinktime
New Member
New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)

Group: Forum Members
Posts: 27, Visits: 144
i need to run SAMLValidator -> Validate.
how can i do it, without XML itself?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The SAMLValidator class, under the ComponentSpace.SAML2.Schemas namespace, validates the supplied XML against the SAML XML Schemas.

It's checking whether the supplied SAML message, SAML assertion or SAML metadata XML complies with these schemas.

I'm not sure what you mean by "without XML itself". You need to supply the XML that's to be validated against the schema.

Regards
ComponentSpace Development
thinktime
thinktime
New Member
New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)

Group: Forum Members
Posts: 27, Visits: 144
sorry, some explanation.
From your post.
Did you want access to the raw SAML response XML?
If so, may I ask why you need this access?
The SAML response XML is available through the SAML low-level API but it isn't exposed in the high-level API (SAMLServiceProvider.ReceiveSSO etc). Normally you don't require the details of the raw SAML response.

If so, may I ask why you need this access? - I need it to validate the supplied XML against the SAML XML Schemas after  SAMLServiceProvider.ReceiveSSO called, or before. Doesn't matter in fact. 
So, my goal is to validate the assertion and if it's not validated, deny login. How can i implement it without low-level API?
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
The call to SAMLServiceProvider.ReceiveSSO does this for you. It will validate the SAML response XML against the XML schemas. If there's an issue, it will throw an exception.

This is controlled through the SAMLController.ValidateMessagesAgainstSchema property.

At application start-up, set this property to true.


SAMLController.ValidateMessagesAgainstSchema = true;




Regards
ComponentSpace Development
thinktime
thinktime
New Member
New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)New Member (29 reputation)

Group: Forum Members
Posts: 27, Visits: 144
perfect. thanks for the help.
last question.By default SAMLController.ValidateMessagesAgainstSchema is false? i don't see what is the default value in documentation https://www.componentspace.com/documentation/saml-for-asp-net/reference/api/ComponentSpace.SAML2.SAMLController.html#ComponentSpace_SAML2_SAMLController_ValidateMessagesAgainstSchema
ComponentSpace
ComponentSpace
ComponentSpace Development
ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)ComponentSpace Development (4.4K reputation)

Group: Administrators
Posts: 3.2K, Visits: 11K
Yes. Currently we default to false. I know at some stage we defaulted to true but I can't remember why we changed this. There's a small performance overhead, of course, but this is very minor and shouldn't be an issue.

Regards
ComponentSpace Development
GO


Similar Topics


Execution: 0.000. 2 queries. Compression Enabled.
Login
Existing Account
Email Address:


Password:


Select a Forum....












Forums, Documentation & Knowledge Base - ComponentSpace


Search