Rory Braybrook
Oct 22, 2018 · 2 min read

Connecting Auth0 (IDP) and the Sustainsys SAML v2.0 for .NET Core stack

There’s some background here.

Our use case is:

Client → Sustainsys SAML stack → Auth0

There are a number of samples in the project; I’ve used the SampleAspNetCore2ApplicationNETFramework one.

The metadata for this project is at:

https://localhost:44342/saml2/

The change to Startup.cs is:

services.AddAuthentication()
    .AddSaml2(options =>
    {
        // Entity ID that this service provider (SP) presents to Auth0.
        options.SPOptions.EntityId = new EntityId("https://localhost:44342/Saml2");

        // Auth0 as the identity provider, described by its metadata document.
        options.IdentityProviders.Add(
            new IdentityProvider(
                new EntityId("urn:auth0-tenant.au.auth0.com"), options.SPOptions)
            {
                MetadataLocation = "https://auth0-tenant.au.auth0.com/samlp/metadata/iZGnWBv...bwuUii9Tsh"
            });

        // Service certificate used to sign SP messages (here the Sustainsys test .pfx).
        options.SPOptions.ServiceCertificates.Add(new X509Certificate2("Sustainsys.Saml2.Tests.pfx"));
    });

The service certificate is required for enabling single logout (as SLO messages should be signed).

I followed this Auth0 guide for adding a custom SAML IDP provider.

With these settings, we can then configure Auth0 by following the instructions in the link above.

I created a new application called Sustainsys (a regular web application).

Scroll down to the “Advanced Settings” link. Clicking on the “Endpoints” tab under “SAML” shows the endpoint information:

This is where you get the metadata URL to copy across to Sustainsys.

In the “SAML2 Web App” (under “Addons”), enter the callback URL:

By default, Auth0 uses SHA-1 while Sustainsys uses SHA-256. You need to change the settings as above to use SHA-256.
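
One way to confirm the change took effect once a login has gone through, as an added example that is not from the original post or from either project: it reads the signature and digest algorithm URIs declared in a SAML response (the base64 `SAMLResponse` form value posted back to the SP) and reports whether both are SHA-256. The function names and the two sample responses are constructed for illustration; the check inspects declared algorithms only and does not validate the signature.

```python
import base64
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
# Algorithm URIs defined by the XML Signature specs, mapped to the hash they use.
SIGNATURE_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1": "sha1",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256": "sha256",
}
DIGEST_ALGS = {
    "http://www.w3.org/2000/09/xmldsig#sha1": "sha1",
    "http://www.w3.org/2001/04/xmlenc#sha256": "sha256",
}

def _hash_of(element, table):
    if element is None:
        return "missing"
    return table.get(element.get("Algorithm"), "unknown")

def signature_algorithms(saml_response_b64):
    """Return a (signature_hash, digest_hash) pair for every ds:Signature."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    pairs = []
    for sig in root.iter(DS + "Signature"):  # response-level and assertion-level
        method = sig.find(f"{DS}SignedInfo/{DS}SignatureMethod")
        digest = sig.find(f"{DS}SignedInfo/{DS}Reference/{DS}DigestMethod")
        pairs.append((_hash_of(method, SIGNATURE_ALGS), _hash_of(digest, DIGEST_ALGS)))
    return pairs

def meets_sha256(saml_response_b64):
    """True only if the response is signed and every signature is SHA-256 throughout."""
    pairs = signature_algorithms(saml_response_b64)
    return bool(pairs) and all(p == ("sha256", "sha256") for p in pairs)

def build_sample(sig_uri, digest_uri):
    """Constructed, unsigned stand-in holding only the elements read above."""
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Signature><ds:SignedInfo>'
           f'<ds:SignatureMethod Algorithm="{sig_uri}"/><ds:Reference URI="#_constructed">'
           f'<ds:DigestMethod Algorithm="{digest_uri}"/></ds:Reference>'
           '</ds:SignedInfo></ds:Signature></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

SHA1_RESPONSE = build_sample("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
                             "http://www.w3.org/2000/09/xmldsig#sha1")
SHA256_RESPONSE = build_sample("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
                               "http://www.w3.org/2001/04/xmlenc#sha256")

if __name__ == "__main__":
    for name, resp in (("sha1", SHA1_RESPONSE), ("sha256", SHA256_RESPONSE)):
        print(name, signature_algorithms(resp), "ok" if meets_sha256(resp) else "below SHA-256")
```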

In the “Usage” tab:

Note the issuer. This is where you get the “EntityID” for Sustainsys.

Run the SP example application.

Select “Log in”.

Then select the SAML2 button.

This takes you to the Auth0 Lock login page:

Success!

All good!

The new control plane

“Identity is the new control plane”. Articles around Microsoft Identity, Auth0 and identityserver. Click the “Archive” link at the bottom for more posts.
