Connecting Auth0 (IDP) and the ComponentSpace SAML v2.0 for .NET Core stack

I did a series of posts with the .NET version of ComponentSpace and Auth0.

ComponentSpace also have a .NET Core version of the stack

Auth0 will be the IDP and ComponentSpace will be the SP.

You need the ComponentSpace SAML stack .NET Core code with all the examples.

I will use the example code in this post. Normally, you would create your own project and reference the ComponentSpace dll.

The ComponentSpace SP example code is at:

\SAML for .NET Core\Examples\SSO\ExampleServiceProvider

in the .NET Core code.

(Note: “Auth0Tenant” below is the name of your Auth0 tenant).

I followed this Auth0 guide for adding a custom SAML IDP provider.

In the ComponentSpace appsettings.json (at the end), update the “PartnerName” entry:

“PartnerName”: “urn:Auth0Tenant.au.auth0.com”

Create a new section in the appsettings.json:

{
 “Name”: “urn:Auth0Tenant.au.auth0.com”,
 “Description”: “Auth0 Identity Provider”,
 “SignAuthnRequest”: true,
 “SingleSignOnServiceUrl”: “https://Auth0Tenant.au.auth0.com/samlp/R2CRaY7J5JbCTkyuUhtGM4DScPZnaxTf",
 “SingleLogoutServiceUrl”: “https://localhost:44313/SAML/SingleLogoutService",
 “ArtifactResolutionServiceUrl”: “https://localhost:44313/SAML/ArtifactResolutionService",
 “PartnerCertificates”: [
 {
 “FileName”: “certificates/Auth0Tenant.cer”
 }
 ]
 },

The MVC Example Service Provider is configured to run at:

https://localhost:44360/

With these settings, we can then configure Auth0 by following the instructions in the link above.

I created a new application called ComponentSpaceCoreApp.

Scroll down to the “Advanced Settings” link

Download the certificate — choose the .cer option.

Save it in:

…\SAML for .NET Core\Examples\SSO\ExampleServiceProvider\Certificates

Note: This ties up with the entry in the application.json:

“FileName”: “certificates/Auth0Tenant.cer”

Clicking on the “Endpoints” tab under “SAML” shows the endpoint information:

Note: This ties up with the entry in the application.json:

“SingleSignOnServiceUrl”: “https://Auth0Tenant.au.auth0.com/samlp/R2CRaY7J5JbCTkyuUhtGM4DScPZnaxTf",

Note that your configuration will have different “GUID” after the “samlp”. You will need to update this in the configuration.

In the “SAML2 Web App”, enter the callback URL:

Run the SP example application.

Click the “SSO” link:

This brings up the Auth0 lock screen (the login screen).

The social providers at the top are because of the way I have configured Auth0. Ignore and login with the user name and password of one of your Auth0 users.

And you get:

Exception: The user auth0|59c4557f739808496042aaa4 couldn’t be created — Failed : InvalidUserName

This is because the example code includes the option to automatically provision the user.

The default mapping in the “SAML2 Web App” maps “user_id” to the NameID.

// “user_id”: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",

The user_id of the authenticated Auth0 user is in the form:

auth0|59c4557f739808496042aaa4

and the user manager in the example doesn’t like this format.

So change the mapping to use e.g. “name” as in the screen shot above.

{
 “mappings”: {
 “name”: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
 }
}

Then you will be able to login successfully.

All good!