I’m happy to announce an open source ASP.NET SAML2 Service Provider. SAML2 is a common standard for single sign on in enterprise environments. A Service Provider in SAML2 is a web site that allows log on through a SAML2 Identity Provider (IdP). Implementing a Service Provider requires issuing authentication requests (AuthnRequest) and handling the response the IdP returns.
Please check the Kentor.AuthServices tag for the latest posts and news. The information in this post is quite old and mostly outdated.
At Kentor we have seen an increase in the demand for using SAML2 authentication from our customers. When doing a recent project we didn’t find any suitable component, so we had to roll our own. Knowing that we would need to do this more times for other applications we decided to write a more general, standalone component that we can reuse in other projects. We are now also releasing it as open source for anyone to use for free.
The Kentor.AuthServices Library
The library is hosted on GitHub and is released under an LGPL license. We chose that license because, while it should be possible to use the library in closed source and commercial solutions, we want the library itself and any improvements to it to remain open source.
The core part of the library is the Saml2AuthenticationModule IIS module that handles the authentication. In the most simple case, it is possible to add the IIS module to configuration and get federated authentication without a single line of code to write. There is a sample ASP.NET MVC application available that uses the library and shows how to call it.
With .NET 4.5 a new base class for identities was introduced: the ClaimsIdentity class. The reason is that Windows Identity Foundation has been fully incorporated into the .NET framework and it has really improved the .NET identity model.
What is a Claim?
This might be a stupid question – but I’ve had a hard time finding a definition of what a claims identity is that feels natural. (It might be a language issue, as I’m not a native English speaker and find the word claim somewhat hard to translate properly into Swedish.)
I prefer to explain a claim as a piece of fact. A claims identity is a set of claims or facts, bundled together in an identity. Each claim is made up of a key and a value. An example identity for me could contain these claims:
So far this is just a set of claims or facts. Being structured as a list of keys and values, it can contain pretty much whatever you want. In this case I’ve used the well-known types for standard parameters, but you can define your own too. Thanks to the flexible structure, any kind of identity can be expressed as a claims identity. It is not only possible – it is used! The old identity classes have all been rewritten to inherit from the new ClaimsIdentity class.
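As an added illustration (not code from this post or from Kentor.AuthServices), this is how the key/value picture above maps onto System.Security.Claims in .NET 4.5; the claim values and the custom claim type `urn:example:department` are constructed sample data.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Claims;
using System.Security.Principal;

class ClaimsDemo
{
    // Build a ClaimsIdentity from plain key/value pairs, the way the post
    // describes it: each claim is a key (the claim type) and a value.
    static ClaimsIdentity FromPairs(IEnumerable<KeyValuePair<string, string>> facts,
                                    string authenticationType)
    {
        var claims = facts.Select(f => new Claim(f.Key, f.Value));
        // Without an authentication type the identity is not IsAuthenticated.
        return new ClaimsIdentity(claims, authenticationType);
    }

    static void Main()
    {
        // Constructed sample facts using the well-known ClaimTypes URIs,
        // plus one application-defined claim type.
        var facts = new Dictionary<string, string>
        {
            { ClaimTypes.Name,  "alice" },
            { ClaimTypes.Email, "alice@example.com" },
            { ClaimTypes.Role,  "Editor" },
            { "urn:example:department", "Engineering" },
        };

        ClaimsIdentity identity = FromPairs(facts, "SampleAuth");

        // Name is resolved from the ClaimTypes.Name claim by default.
        Console.WriteLine(identity.IsAuthenticated);
        Console.WriteLine(identity.Name);
        Console.WriteLine(identity.FindFirst(ClaimTypes.Email).Value);
        Console.WriteLine(identity.HasClaim(ClaimTypes.Role, "Editor"));

        // Every claim also records who issued it; claims created locally
        // default to ClaimsIdentity.DefaultIssuer ("LOCAL AUTHORITY").
        foreach (var c in identity.Claims)
            Console.WriteLine(c.Type + " = " + c.Value + " (issuer: " + c.Issuer + ")");

        // The older identity classes now derive from ClaimsIdentity, so a
        // GenericIdentity exposes its name as a claim as well.
        ClaimsIdentity legacy = new GenericIdentity("bob", "Basic");
        Console.WriteLine(legacy.FindFirst(ClaimTypes.Name).Value);
    }
}
```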