I’m happy to announce an open source ASP.NET SAML2 Service Provider. SAML2 is a common standard for single sign on in enterprise environments. A Service Provider in SAML2 is a web site that allows log on through SAML2 Identity Provider (IdP). Implementing a Service Provider requires issuing authentication requests (AuthnRequest) and handling the returned response.
At Kentor we have seen an increase in the demand for using SAML2 authentication from our customers. When doing a recent project we didn’t find any suitable component, so we had to roll our own. Knowing that we would need to do this more times for other applications we decided to write a more general, standalone component that we can reuse in other projects. We are now also releasing it as open source for anyone to use for free.
The Kentor.AuthServices Library
The library is hosted at github and is released under an LGPL license. We chose that license because while it should be possible to use the library in closed source and commercial solutions, we want the library itself and any improvements to it to remain open source.
The core part of the library is the
Saml2AuthenticationModule IIS module that handles the authentication. In the most simple case, it is possible to add the IIS module to configuration and get federated authentication without a single line of code to write. There is a sample ASP.NET MVC application available that uses the library and shows how to call it.
Please Review the Code!
Being a security sensitive library I would be extremely grateful for any code review being done – especially security reviews and checking that the validation of incoming tokens is done correctly. It is so easy to make a mistake and even a tiny one could compromise a site that uses the library.
I’m of course happy if anyone would like to contribute to make the library more complete. I’ve added a bunch of issues with things I would like to add if I have time.
Let me Know!
Finally I would be very interested in any feedback if you have tried the library. Did it work? If not, what didn’t? Do you have any suggestions for more features? Do you know of any other similar component that would be better to use than starting from scratch (don’t tell me I’ve wasted my time writing a component just because I’m bad at googling)?
Please leave a comment below or drop me a mail and let me know about your experiences.