Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

The SAML SP metadata is publicly available in XML format at the address /spsso.ashx/saml2/metadata.xml. See Listing 1 for an example of the full address.

Code Block
languagetext
themeRDark
titleListing 1. Address for SAML SP Metadata in XML format
https://sp.example.com/webapp/spsso.ashx/saml2/metadata.xml

...


Code Block
languagetext
themeRDark
titleListing 2. Reference web.config configuration file using IIS6 or IIS7/7.5 Classic Mode
<?xml version="1.0"?>
<!--
	Please Note!
	This web.config file is NOT a complete configuration file for your web application.
	You may however use this file as reference when applying configuration
	settings to your web application.
-->
<configuration>

	<system.diagnostics>
		<switches>
			<add name="Ubisecure.SAML2" value="Information"/>
			<add name="Ubisecure.SAML2.ServiceProvider" value="Information"/>
		</switches>
	</system.diagnostics>

	<appSettings>
		<!-- either ServiceProvider.EntityID or ServiceProvider.StorePath is required -->
		<!-- <add key="ServiceProvider.EntityID" value=" Insert entityID "/> -->
		<!-- <add key="ServiceProvider.StorePath" value=" INSERT PATH TO SETTINGS DIRECTORY "/> -->

		<!-- ServiceProvider.Role specifies a default role for all users -->
		<!-- <add key="ServiceProvider.Role" value=""/> -->

		<!-- ServiceProvider.UsernameAttribute gets the user's name from an attribute -->
		<!-- <add key="ServiceProvider.UsernameAttribute" value=""/> -->

		<!-- ServiceProvider.Netmask adjusts the network address tolerance -->
		<!-- <add key="ServiceProvider.Netmask" value="255.255.255.255"/> -->
	</appSettings>

	<system.web>

		<!-- If Ubisecure.SAML2.ServiceProvider is not already installed in the .NET global assembly cache, the
		following section is required -->
		<compilation>
			<assemblies>
				<add assembly="Ubisecure.SAML2.ServiceProvider, Version=1.23.0.0, Culture=neutral,
					PublicKeyToken=e76714ff33c956b5"/>
			</assemblies>
		</compilation>

		<authentication mode="Forms">
			<!-- timeout: inactivity timeout in minutes.
			     slidingExpiration: set true or false depending on the desired inactivity timeout behaviour.
			     (XML comments are not allowed inside a start tag, so they are placed before the element.) -->
			<forms loginUrl="~/spsso.ashx"
					timeout="10"
					slidingExpiration="false"
			/>
		</authentication>

		<authorization>
			<deny users="?"/>
			<allow users="*"/>
		</authorization>

		<httpModules>
			<remove name="FormsAuthentication"/>
			<add name="ServiceProviderAuthentication"
				type="Ubisecure.SAML2.ServiceProvider.Security.ServiceProviderAuthenticationModule,
					Ubisecure.SAML2.ServiceProvider, Version=1.23.0.0, Culture=neutral,
					PublicKeyToken=e76714ff33c956b5"/>
		</httpModules>

	</system.web>

	<location path="spsso.ashx">

		<system.web>
			<httpHandlers>
				<clear/>
				<!-- route every verb and path under spsso.ashx to the SP handler -->
				<add verb="*" path="*"
					type="Ubisecure.SAML2.ServiceProvider.Security.ServiceProviderHandler,
						Ubisecure.SAML2.ServiceProvider, Version=1.23.0.0, Culture=neutral,
						PublicKeyToken=e76714ff33c956b5"/>
			</httpHandlers>
		</system.web>
	</location>
</configuration>


...


Code Block
languagetext
themeRDark
titleListing 3. Reference web.config configuration file using IIS7/IIS7.5 integrated pipeline mode
<?xml version="1.0"?>
<!--
	Please Note!
	This web.config file is NOT a complete configuration file for your web application.
	You may however use this file as reference when applying configuration
	settings to your web application.
-->
<configuration>

	<system.diagnostics>
		<switches>
			<add name="Ubisecure.SAML2" value="Information"/>
			<add name="Ubisecure.SAML2.ServiceProvider" value="Information"/>
		</switches>
	</system.diagnostics>

	<appSettings>
		<!-- either ServiceProvider.EntityID or ServiceProvider.StorePath is required -->
		<!-- <add key="ServiceProvider.EntityID" value=" Insert entityID "/> -->
		<!-- <add key="ServiceProvider.StorePath" value=" INSERT PATH TO SETTINGS DIRECTORY "/> -->

		<!-- ServiceProvider.Role specifies a default role for all users -->
		<!-- <add key="ServiceProvider.Role" value=""/> -->

		<!-- ServiceProvider.UsernameAttribute gets the user's name from an attribute -->
		<!-- <add key="ServiceProvider.UsernameAttribute" value=""/> -->

		<!-- ServiceProvider.Netmask adjusts the network address tolerance -->
		<!-- <add key="ServiceProvider.Netmask" value="255.255.255.255"/> -->
	</appSettings>

	<system.web>

		<authentication mode="Forms" >
			<forms loginUrl="~/spsso.ashx" slidingExpiration="true"/>
		</authentication>

		<authorization>
			<deny users="?"/>
			<allow users="*"/>
		</authorization>

	</system.web>

	<system.webServer>
		<modules>
			<remove name="FormsAuthentication"/>
			<add name="ServiceProviderAuthentication"
				type="Ubisecure.SAML2.ServiceProvider.Security.ServiceProviderAuthenticationModule,
					Ubisecure.SAML2.ServiceProvider, Version=1.23.0.0, Culture=neutral,
					PublicKeyToken=e76714ff33c956b5"/>
		</modules>
	</system.webServer>

	<location path="spsso.ashx">
		<system.webServer>
			<handlers>
				<clear/>
				<!-- route every verb and path under spsso.ashx to the SP handler -->
				<add name="ServiceProviderHandler"
					verb="*" path="*"
					type="Ubisecure.SAML2.ServiceProvider.Security.ServiceProviderHandler,
						Ubisecure.SAML2.ServiceProvider, Version=1.23.0.0, Culture=neutral,
						PublicKeyToken=e76714ff33c956b5"/>
			</handlers>
		</system.webServer>
	</location>
</configuration>


...

The application can query information about the authenticated user through the standard .NET API HttpContext.User. This property returns an object of type IPrincipal once an authentication session has been established. If the user has not logged in, the identity will be null. Use the IPrincipal.Identity property to access the IAssertionIdentity object.

Code Block
languagetext
themeRDark
titleListing 4. Using HttpContext.User to access IAssertionIdentity
// The cast yields null for anonymous requests (no SAML authentication session).
IAssertionIdentity identity = HttpContext.Current.User.Identity as IAssertionIdentity;
if (identity == null)
{
	// HttpException(int httpCode, string message) sets the HTTP status of the response;
	// the (string, int) overload takes an exception code, not a status code.
	throw new HttpException(403, "Access denied");
}


Code Block
languagetext
themeRDark
titleListing 5. Using HttpContext.User to access IAssertionIdentity in C#
<%@Page Language="C#"%>
<html xmlns="http://www.w3.org/1999/xhtml" >
<body>
	<p>Request.IsAuthenticated=<%= Request.IsAuthenticated %></p>
	<p>Context.User.Identity.Name=<%= HttpUtility.HtmlEncode(Context.User.Identity.Name) %></p>
	<p>Context.User.Type=<%= Context.User.GetType().FullName %></p>
	<p>Context.User.Identity.Type=<%= Context.User.Identity.GetType().FullName %></p>
	<p>
	[<a href="spsso.ashx/saml2/SingleLogoutService">Logout</a>]
	</p>
</body>
</html>

...

The inactivity timeout for an application is set in the Forms Authentication settings section of the web.config configuration file.

Code Block
languagetext
themeRDark
titleListing 6. Timeout Settings in web.config
<authentication mode="Forms">
	<!-- timeout: inactivity timeout in minutes. Must be set lower than the value in
	     Ubilogin Server Management. (Comments are not allowed inside a start tag.) -->
	<forms loginUrl="~/spsso.ashx"
		timeout="10"
		slidingExpiration="false"
	/>
</authentication>

...

The logout procedure starts when the user is redirected to the single logout endpoint. The single logout endpoint URL is /spsso.ashx/saml2/SingleLogoutService relative to the application's context path. A relative return URL may optionally be given in the request parameter ReturnUrl. If no ReturnUrl is specified, the user is returned to the application root.

Code Block
languagetext
themeRDark
titleListing 7. SingleLogoutService
https://sp.example.com/webapp/spsso.ashx/saml2/SingleLogoutService

[<a href="https://sp.example.com/webapp/spsso.ashx/saml2/SingleLogoutService?ReturnUrl=/webapp/loggedout.htm">Logout</a>]
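The following helper combines the HttpContext.User access of Listing 4 with the SingleLogoutService ReturnUrl parameter described above; it is an added example written for this page, not Ubisecure's code. The namespace of IAssertionIdentity, the class name SpSessionHelper and the 403 behaviour for missing sessions are assumptions; the ReturnUrl check only accepts a same-site relative path so the logout link cannot become a redirect to another host.

```csharp
using System;
using System.Web;
// Assumed namespace for IAssertionIdentity; confirm against the HTML API docs in the Docs directory.
using Ubisecure.SAML2.ServiceProvider.Security;

// Example helper for pages and handlers of the SP-protected web application (not part of the SP).
public static class SpSessionHelper
{
    // The SP handler serves the SAML2 endpoints under spsso.ashx, relative to the application root.
    private const string SingleLogoutPath = "~/spsso.ashx/saml2/SingleLogoutService";

    // Returns the SAML assertion identity of the current request, or null when no
    // authentication session exists (anonymous request, or the SP module is not installed).
    public static IAssertionIdentity GetAssertionIdentity(HttpContext context)
    {
        if (context == null || context.User == null) return null;
        // Anonymous users carry a generic identity; the cast to IAssertionIdentity then yields null.
        return context.User.Identity as IAssertionIdentity;
    }

    // The pattern of Listing 4 made reusable: fail the request with HTTP 403 when there is no session.
    public static IAssertionIdentity RequireAssertionIdentity(HttpContext context)
    {
        IAssertionIdentity identity = GetAssertionIdentity(context);
        if (identity == null)
        {
            throw new HttpException(403, "Access denied"); // (int, string) overload sets the status code
        }
        return identity;
    }

    // Builds the absolute-path logout URL. A ReturnUrl is appended only when it passes
    // IsSafeRelativePath; otherwise the SP returns the user to the application root.
    public static string BuildLogoutUrl(string returnUrl)
    {
        string logout = VirtualPathUtility.ToAbsolute(SingleLogoutPath);
        if (IsSafeRelativePath(returnUrl))
        {
            logout += "?ReturnUrl=" + HttpUtility.UrlEncode(returnUrl);
        }
        return logout;
    }

    // Accepts "/webapp/loggedout.htm" style paths only: a single leading "/" (so "//host",
    // "/\host" and "http://host" are rejected) and no CR/LF that could split the redirect header.
    public static bool IsSafeRelativePath(string url)
    {
        return !string.IsNullOrEmpty(url)
            && url.StartsWith("/", StringComparison.Ordinal)
            && !url.StartsWith("//", StringComparison.Ordinal)
            && !url.StartsWith("/\\", StringComparison.Ordinal)
            && url.IndexOfAny(new[] { '\r', '\n' }) < 0;
    }
}
```

In a page, render the link as `<a href="<%= SpSessionHelper.BuildLogoutUrl("/webapp/loggedout.htm") %>">Logout</a>` so the ReturnUrl is validated and encoded in one place.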

...

Examples

Code Block
languagetext
themeRDark
titleListing 8. LoginError event handler in file global.asax
void ServiceProviderAuthentication_LoginError(object sender, Ubisecure.SAML2.ServiceProvider.Event.LoginErrorEventArgs e)
{
	Response.Redirect("~/Error.aspx");
}


Code Block
languagetext
themeRDark
titleListing 9. Application_Error event handler in file global.asax
// HttpApplication.Error event handler in the global.asax file
void Application_Error(object sender, EventArgs e)
{
	Response.Redirect("~/Error.aspx");
}


Code Block
languagetext
themeRDark
titleListing 10. Generic custom LoginError event handler error configuration in file web.config
<system.web>
	<customErrors mode="On">
		<error statusCode="500" redirect="~/Error.aspx"/>
	</customErrors>
</system.web>

...

For complete technical descriptions of the API, refer to the HTML document in the Docs subdirectory. By default, it is installed at:

Code Block
languagetext
themeRDark
Windows 2003:

C:\Program Files\Ubisecure\Ubisecure.SAML2.ServiceProvider\Docs\Ubisecure.SAML2.ServiceProvider.html

Windows 2008/2012:

C:\ProgramData\Ubisecure\Ubisecure.SAML2.ServiceProvider\Docs\Ubisecure.SAML2.ServiceProvider.html

...