Connecting Auth0 (IDP) and the ComponentSpace SAML v2.0 for .NET Core stack
I did a series of posts with the .NET version of ComponentSpace and Auth0.
ComponentSpace also has a .NET Core version of the stack.
Auth0 will be the IDP and ComponentSpace will be the SP.
You need the ComponentSpace SAML stack .NET Core code with all the examples.
I will use the example code in this post. Normally, you would create your own project and reference the ComponentSpace dll.
The ComponentSpace SP example code is at:
… \SAML for .NET Core\Examples\SSO\ExampleServiceProvider
in the .NET Core code.
(Note: “Auth0Tenant” below is the name of your Auth0 tenant).
I followed this Auth0 guide for adding a custom SAML IDP provider.
In the ComponentSpace appsettings.json (at the end), update the “PartnerName” entry:
"PartnerName": "urn:Auth0Tenant.au.auth0.com"
Create a new section in the appsettings.json:
{
  "Name": "urn:Auth0Tenant.au.auth0.com",
  "Description": "Auth0 Identity Provider",
  "SignAuthnRequest": true,
  "SingleSignOnServiceUrl": "https://Auth0Tenant.au.auth0.com/samlp/R2CRaY7J5JbCTkyuUhtGM4DScPZnaxTf",
  "SingleLogoutServiceUrl": "https://localhost:44313/SAML/SingleLogoutService",
  "ArtifactResolutionServiceUrl": "https://localhost:44313/SAML/ArtifactResolutionService",
  "PartnerCertificates": [
    {
      "FileName": "certificates/Auth0Tenant.cer"
    }
  ]
},
The MVC Example Service Provider is configured to run at:
With these settings, we can then configure Auth0 by following the instructions in the link above.
I created a new application called ComponentSpaceCoreApp.
Scroll down to the “Advanced Settings” link
Download the certificate — choose the .cer option.
Save it in:
…\SAML for .NET Core\Examples\SSO\ExampleServiceProvider\Certificates
Note: This ties up with the entry in appsettings.json:
"FileName": "certificates/Auth0Tenant.cer"
Clicking on the “Endpoints” tab under “SAML” shows the endpoint information:
Note: This ties up with the entry in appsettings.json:
"SingleSignOnServiceUrl": "https://Auth0Tenant.au.auth0.com/samlp/R2CRaY7J5JbCTkyuUhtGM4DScPZnaxTf",
Note that your configuration will have a different identifier after "samlp". You will need to update this value in appsettings.json.
In the “SAML2 Web App”, enter the callback URL:
Run the SP example application.
Click the “SSO” link:
This brings up the Auth0 lock screen (the login screen).
The social providers at the top are because of the way I have configured Auth0. Ignore and login with the user name and password of one of your Auth0 users.
And you get:
Exception: The user auth0|59c4557f739808496042aaa4 couldn’t be created — Failed : InvalidUserName
This is because the example code includes the option to automatically provision the user.
The default mapping in the “SAML2 Web App” maps “user_id” to the NameID.
// "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
The user_id of the authenticated Auth0 user is in the form:
auth0|59c4557f739808496042aaa4
and the user manager in the example doesn’t like this format.
So change the mapping to use e.g. “name” as in the screen shot above.
{
  "mappings": {
    "name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
  }
}
Then you will be able to login successfully.
All good!
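The InvalidUserName failure above is worth understanding before picking a fix, because the NameID is the value the SP keys accounts on. The following is an added example (not ComponentSpace, Auth0 or the example project's own code) that shows why auto-provisioning rejects "auth0|59c4557f739808496042aaa4" and how an SP can decide what to provision without silently creating a bad account. It assumes, as the error text suggests, that the SP example provisions users through ASP.NET Core Identity's UserManager, whose default UserOptions.AllowedUserNameCharacters does not include the "|" character; the class and method names, the fallback claim type "name" and the sample claim values are constructed for the example.

```csharp
using System;
using System.Linq;
using System.Security.Claims;

// Added example, not ComponentSpace or Auth0 code. It assumes the SP provisions users
// through ASP.NET Core Identity, whose default allowed user name characters reject '|'.
public static class SamlProvisioningCheck
{
    // Default value of IdentityOptions.User.AllowedUserNameCharacters in ASP.NET Core Identity.
    public const string DefaultAllowedUserNameCharacters =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+";

    // True when the value would pass the default Identity user name validator.
    public static bool IsAllowedUserName(string value) =>
        !string.IsNullOrWhiteSpace(value)
        && value.All(c => DefaultAllowedUserNameCharacters.IndexOf(c) >= 0);

    // Decides what to provision. The NameID is what the SP keys accounts on, so it is
    // preferred; if it cannot be a user name (the auth0|... case) the SP falls back to an
    // explicit claim but still records the NameID as the external id so the stable Auth0
    // identifier is not lost. Returns null to fail closed when neither value is usable.
    public static (string UserName, string ExternalId)? ChooseProvisioningValues(
        string nameId, ClaimsPrincipal principal, string fallbackClaimType)
    {
        if (string.IsNullOrWhiteSpace(nameId))
            return null;

        if (IsAllowedUserName(nameId))
            return (nameId, nameId);

        var fallback = principal.FindFirst(fallbackClaimType)?.Value;
        if (fallback != null && IsAllowedUserName(fallback))
            return (fallback, nameId);

        return null; // nothing safe to provision: do not create an account
    }

    public static void Main()
    {
        // Constructed sample assertion contents (not a real Auth0 user).
        const string nameId = "auth0|59c4557f739808496042aaa4";
        var identity = new ClaimsIdentity(new[]
        {
            new Claim(ClaimTypes.NameIdentifier, nameId),
            new Claim("name", "alice@example.com"),
        });
        var principal = new ClaimsPrincipal(identity);

        Console.WriteLine($"NameID passes default validator: {IsAllowedUserName(nameId)}");

        var chosen = ChooseProvisioningValues(nameId, principal, "name");
        Console.WriteLine(chosen is null
            ? "Refusing to provision: no valid user name available"
            : $"Provision user '{chosen.Value.UserName}' linked to external id '{chosen.Value.ExternalId}'");
    }
}
```

Two design points follow from this. First, the mapping change in the post keys the SP account on "name", which is a profile attribute rather than the stable user_id, so keeping the original NameID alongside the account (the ExternalId above) lets the SP match returning users even if the name changes. Second, an alternative to remapping is to widen the allowed characters in the Identity configuration (options.User.AllowedUserNameCharacters when calling services.AddIdentity), which keeps user_id as the key; either way, provisioning should fail closed rather than create an account from a value that did not validate.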