Rory Braybrook
Oct 22, 2018 · 2 min read

Connecting Auth0 (IDP) and the Sustainsys SAML v2.0 for .NET Core stack

There’s some background here.

Our use case is:

Client → Sustainsys SAML stack → Auth0

There are a number of samples in the project; I used the SampleAspNetCore2ApplicationNETFramework one.

The metadata for this project is at:

https://localhost:44342/saml2/

The change to Startup.cs is:

using System.Security.Cryptography.X509Certificates;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Metadata;

// In Startup.ConfigureServices
services.AddAuthentication()
    .AddSaml2(options =>
    {
        // Entity ID of this SP. The Auth0 "audience" setting must match this value exactly.
        options.SPOptions.EntityId = new EntityId("https://localhost:44342/Saml2");

        options.IdentityProviders.Add(
            new IdentityProvider(
                // Auth0 issuer, taken from the "Usage" tab of the SAML2 Web App addon
                new EntityId("urn:auth0-tenant.au.auth0.com"), options.SPOptions)
            {
                // The issuer is a URN, not a URL, so the metadata endpoint is given explicitly
                MetadataLocation = "https://auth0-tenant.au.auth0.com/samlp/metadata/iZGnWBv...bwuUii9Tsh",
                // Fetch the SSO URL and signing certificate from that metadata
                LoadMetadata = true
            });

        // Signs outbound messages; required for single logout
        options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));
    });

The service certificate is required to enable single logout, since SLO messages must be signed. The sample loads Sustainsys.Saml2.Tests.pfx, the test key pair shipped with the project; use your own certificate for anything beyond a local experiment.

I followed this Auth0 guide for adding a custom SAML IDP provider.

With these settings, we can then configure Auth0 by following the instructions in the link above.

I created a new application called Sustainsys (a regular web application).

Scroll down to the “Advanced Settings” link. Clicking on the “Endpoints” tab under “SAML” shows the endpoint information:

This is where you get the metadata URL to copy across to Sustainsys.

In the “SAML2 Web App” (under “Addons”), enter the callback URL. This is the Sustainsys assertion consumer service endpoint, which for the sample is https://localhost:44342/Saml2/Acs:

By default, Auth0 signs with SHA-1 (signatureAlgorithm rsa-sha1, digestAlgorithm sha1), while Sustainsys rejects incoming signatures weaker than SHA-256 (its MinIncomingSigningAlgorithm default). Change the addon settings to rsa-sha256 and sha256, otherwise the response is rejected by the SP.
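As an added example (not from the original post), the SAML2 Web App addon settings with the SHA-1 defaults replaced and the audience and recipient aligned with the Sustainsys sample. The URLs assume Sustainsys' default module path /Saml2 and ACS path /Saml2/Acs on the sample's localhost port; the default values being replaced are "rsa-sha1" and "sha1".

```json
{
  "audience": "https://localhost:44342/Saml2",
  "recipient": "https://localhost:44342/Saml2/Acs",
  "destination": "https://localhost:44342/Saml2/Acs",
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256",
  "signResponse": true,
  "lifetimeInSeconds": 3600
}
```

The audience must equal the SP EntityId configured in Startup.cs, because Sustainsys validates the assertion's AudienceRestriction against it; a mismatch fails with an audience error even when the signature is fine. signResponse signs the whole Response rather than only the Assertion; Sustainsys accepts either, but signing the response also covers the Destination and InResponseTo attributes.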

In the “Usage” tab:

Note the issuer (urn:<tenant>.<region>.auth0.com). This is the EntityId for the IdentityProvider in Sustainsys. Because it is a URN rather than a URL, Sustainsys cannot derive the metadata endpoint from it, which is why MetadataLocation is set explicitly in Startup.cs.

Run the SP example application.

Select “Log in”.

Then select the SAML2 button.

This takes you to the Auth0 Lock login page:

Success!

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.

Written by Rory Braybrook

NZ Microsoft Identity dude. Azure AD/ADFS. Plus Auth0. North Shore .NET User Group Admin. Ignite - http://bit.ly/2D05Uh7 YouTube - http://bit.ly/2lzBqXQ
