Connecting Auth0 (IDP) and the Sustainsys SAML v2.0 for .NET Core stack

There’s some background here.

Our use case is:

Client → Sustainsys SAML stack → Auth0

There are a number of samples in the project, I’ve used the SampleAspNetCore2ApplicationNETFramework one.

The metadata for this project is at:

https://localhost:44342/saml2/

The change to Startup.cs is:

using System.Security.Cryptography.X509Certificates;
using Sustainsys.Saml2;
using Sustainsys.Saml2.Metadata;

// Inside Startup.ConfigureServices(IServiceCollection services).
// AddSaml2 comes from the Sustainsys.Saml2.AspNetCore2 package used by the sample.
services.AddAuthentication()
    .AddSaml2(options =>
    {
        // The SP's own EntityId, as published in its metadata at /saml2/.
        options.SPOptions.EntityId = new EntityId("https://localhost:44342/Saml2");

        // Auth0 as the IdP. The EntityId is the issuer shown in Auth0's "Usage" tab;
        // the metadata URL comes from the "Endpoints" tab under "Advanced Settings".
        options.IdentityProviders.Add(
            new IdentityProvider(
                new EntityId("urn:auth0-tenant.au.auth0.com"), options.SPOptions)
            {
                MetadataLocation = "https://auth0-tenant.au.auth0.com/samlp/metadata/iZGnWBv...bwuUii9Tsh"
            });

        // Certificate (with private key) used to sign outgoing messages; needed for single logout.
        options.SPOptions.ServiceCertificates.Add(
            new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));
    });

The service certificate is required for enabling single logout (as SLO messages should be signed).

I followed this Auth0 guide for adding a custom SAML IDP provider.

With these settings, we can then configure Auth0 by following the instructions in the link above.

I created a new application called Sustainsys (a regular web application).

Scroll down to the “Advanced Settings” link. Clicking on the “Endpoints” tab under “SAML” shows the endpoint information:

This is where you get the metadata URL to copy across to Sustainsys.

In the “SAML2 Web App” (under “Addons”), enter the callback URL:

By default, Auth0 signs with SHA-1 while Sustainsys expects SHA-256. You need to change the addon settings as shown above so that Auth0 uses SHA-256.
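The Auth0 side of that change, written out here as an added example rather than taken from the original post's screenshot: the settings JSON of the "SAML2 Web App" addon with the signature and digest algorithms raised to SHA-256. The two key names are Auth0's documented addon settings; every other addon setting is left at its default.

```json
{
  "signatureAlgorithm": "rsa-sha256",
  "digestAlgorithm": "sha256"
}
```

The addon defaults are "rsa-sha1" and "sha1". Sustainsys rejects responses signed below its SPOptions.MinIncomingSigningAlgorithm, which defaults to RSA-SHA256, so the right fix is to raise the algorithm on the Auth0 side rather than lower the minimum on the SP.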

In the “Usage” tab:

Note the issuer. This is where you get the “EntityID” for Sustainsys.

Run the SP example application.

Select “Log in”.

Then select the SAML2 button.

This takes you to the Auth0 Lock login page:

Success!

All good!