I see this question over on Stack Overflow every day.
“My boss says we have to make the application SAML compliant so we can authenticate with a SAML IDP. I’m lost”
“I’m trying to build up a SAML Request with the C# class xxx and it’s not working”.
First off, do not try and roll your own. SAML is complicated — just ask the people that wrote the stacks 😄
Let’s have a look at what’s out there:
(and chocolate fish for nzpcmad for his contribution).
Some of these are commercial; some are written and maintained by dedicated people who do a superb job. If you use their stack, please consider donating.
Disclaimer: I have not personally tried all of these — “*” marks the ones I have used.
Once upon a time, Microsoft announced the WIF Extension for SAML 2.0. It never went anywhere, there were never any bug fixes, it was deprecated and the links have been removed. It was only applicable for .NET 3.5 and was buggy.
There is NO, repeat NO, official Microsoft C# client-side SAML protocol stack.
OneLogin has implemented and open-sourced SAML toolkits for five different web development platforms.
These are ASP.NET, Python, Ruby, PHP and Java.
2. Sustainsys *
The Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider (SP).
The library was previously named Kentor.AuthServices.
They have implemented a stack for .NET Core 2; use this version.
It can also be used as a plugin for IdentityServer 4 (SP only).
Owin middleware to implement the SAML2 Protocol as a Service Provider.
Have a look at Owin.Security.Saml
This is a Danish contribution and the web site is in Danish.
A .NET implementation of the SAML 2.0 specification for SP integrations.
6. Safewhere SAML2
SAML 2.0 for WIF is a DLL-file that extends the Windows Identity Foundation with native support for the SAML 2.0 protocol.
A very simple SAML 2.0 “consumer” implementation in C# (i.e. allows adding SAML single-sign-on to your ASP.NET app, but not to provide auth services to other applications).
OneLogin and OIOSAML as above.
OpenSAML is a set of open source C++ & Java libraries meant to support developers working with the Security Assertion Markup Language (SAML). OpenSAML 2, the current version, supports SAML 1.0, 1.1, and 2.0.
2. Spring Security
Spring Security SAML Extension allows seamless combination of SAML 2.0 and authentication and federation mechanisms in a single application.
All products supporting SAML 2.0 in Identity Provider mode (e.g. ADFS, Okta, Shibboleth, OpenAM, Efecte EIM or Ping Federate) can be used to connect with the extension.
This library speaks the WS-Federation protocol and SAML 1.1 and 2.0 tokens. It interops fine with Microsoft-related products like ADFS, Windows Azure Active Directory and Windows Identity Foundation.
OneLogin as above.
SimpleSAMLphp is an award-winning application written in native PHP that deals with authentication. The project is led by UNINETT, has a large user base, a helpful user community and a large set of external contributors. The main focus of SimpleSAMLphp is providing support for:
OneLogin as above.
OneLogin as above.
PySAML2 is a pure Python implementation of SAML2. It contains all necessary pieces for building a SAML2 service provider or an identity provider.
1. Passport SAML
The original implementation.
This is a SAML 2.0 authentication provider for Passport, the Node.js authentication library.
The code was originally based on Michael Bosworth’s express-saml library.
Passport-SAML has been tested to work with OneLogin, Okta, Shibboleth, SimpleSAMLphp based Identity Providers, and with Active Directory Federation Services.
2. Passport SAML (bergie)
This is “bergie SAML”, an alternative fork of Passport SAML.
3. saml2.js (“clever SAML”)
saml2-js is a node module that abstracts away the complexities of the SAML protocol behind an easy to use interface.
1. ComponentSpace *
ComponentSpace SAML SSO solutions are fully functional and flexible components that quickly and easily plug directly into your existing ASP.NET and ASP.NET Core web applications.
There is also a SAML v2.0 for ASP.NET Core product.
It can also be used as a plugin for IdentityServer 4.
2. Rock Solid Knowledge *
This is for .NET Core 2 and is a plugin for IdentityServer 4.
Rock Solid Knowledge
Identity aaS (as a service)
There are a number of SaaS products that can handle SAML.
Just for completeness!
Tools to diagnose ADFS. Includes SAML functionality.
Set of SAML tools.
3. SAML decoder
Decoder from Auth0.