SAML Configuration API
SAML configuration may be supplied programmatically through a configuration delegate.
This approach is typically used when configuration is loaded from a database or other external source at application startup.
The following code adds the SAML services and specifies a SAML configuration delegate.
// Register the SAML services. The delegate runs at startup and is the point
// at which externally stored configuration (e.g. from a database) is applied.
builder.Services.AddSaml(configurations => ConfigureSaml(configurations));
ConfigureSaml is an Action&lt;SamlConfigurations&gt; delegate; its signature is shown at the top of each example below.
Local Service Provider Example
The following is an example of setting the service provider configuration using a delegate.
In practice, these values are typically retrieved from a database or other external configuration store rather than being hard-coded.
// Populates the SAML configuration for a local service provider that
// federates with one partner identity provider. The literal values below are
// example placeholders; a real deployment loads them from a database or
// other configuration store.
public void ConfigureSaml(SamlConfigurations samlConfigurations)
{
    // The local service provider: its Name, the endpoint that receives
    // assertions from the partner, and the certificate(s) it owns.
    var localServiceProvider = new LocalServiceProviderConfiguration()
    {
        Name = "https://ExampleServiceProvider",
        Description = "Example Service Provider",
        AssertionConsumerServiceUrl = "https://localhost:44360/SAML/AssertionConsumerService",
        LocalCertificates = new List<Certificate>()
        {
            new Certificate()
            {
                FileName = "certificates/sp.pfx",
                // Placeholder only. A PFX password protects the private key and
                // is a secret: do not hard-code it in production; read it from a
                // secret store or protected configuration instead.
                Password = "password"
            }
        }
    };

    // The partner identity provider this service provider federates with. Only
    // a certificate file (.cer) is given here; no Password is set for it.
    // NOTE(review): the partner's Name and endpoint URLs must match what the
    // partner actually publishes (e.g. in its metadata) — verify before use.
    var partnerIdentityProvider = new PartnerIdentityProviderConfiguration()
    {
        Name = "https://ExampleIdentityProvider",
        Description = "Example Identity Provider",
        SingleSignOnServiceUrl = "https://localhost:44313/SAML/SingleSignOnService",
        SingleLogoutServiceUrl = "https://localhost:44313/SAML/SingleLogoutService",
        PartnerCertificates = new List<Certificate>()
        {
            new Certificate()
            {
                FileName = "certificates/idp.cer"
            }
        }
    };

    // A single SamlConfiguration pairs the local provider with its partners.
    samlConfigurations.Configurations = new List<SamlConfiguration>()
    {
        new SamlConfiguration()
        {
            LocalServiceProviderConfiguration = localServiceProvider,
            PartnerIdentityProviderConfigurations = new List<PartnerIdentityProviderConfiguration>()
            {
                partnerIdentityProvider
            }
        }
    };
}
Local Identity Provider Example
The following is an example of setting the identity provider configuration using a delegate.
In practice, these values are typically retrieved from a database or other external configuration store rather than being hard-coded.
// Populates the SAML configuration for a local identity provider that
// federates with one partner service provider. The literal values below are
// example placeholders; a real deployment loads them from a database or
// other configuration store.
public void ConfigureSaml(SamlConfigurations samlConfigurations)
{
    // The local identity provider: its Name, the single sign-on endpoint it
    // exposes, and the certificate(s) it owns.
    var localIdentityProvider = new LocalIdentityProviderConfiguration()
    {
        Name = "https://ExampleIdentityProvider",
        Description = "Example Identity Provider",
        SingleSignOnServiceUrl = "https://localhost:44313/SAML/SingleSignOnService",
        LocalCertificates = new List<Certificate>()
        {
            new Certificate()
            {
                FileName = "certificates/idp.pfx",
                // Placeholder only. A PFX password protects the private key and
                // is a secret: do not hard-code it in production; read it from a
                // secret store or protected configuration instead.
                Password = "password"
            }
        }
    };

    // The partner service provider this identity provider federates with. Only
    // a certificate file (.cer) is given here; no Password is set for it.
    // NOTE(review): the partner's endpoint URLs must match what the partner
    // actually exposes — the logout path used here ("SLOService") differs from
    // the "SingleLogoutService" path used elsewhere on this page; confirm which
    // one the partner serves before relying on it.
    var partnerServiceProvider = new PartnerServiceProviderConfiguration()
    {
        Name = "https://ExampleServiceProvider",
        Description = "Example Service Provider",
        AssertionConsumerServiceUrl = "https://localhost:44360/SAML/AssertionConsumerService",
        SingleLogoutServiceUrl = "https://localhost:44360/SAML/SLOService",
        PartnerCertificates = new List<Certificate>()
        {
            new Certificate()
            {
                FileName = "certificates/sp.cer"
            }
        }
    };

    // A single SamlConfiguration pairs the local provider with its partners.
    samlConfigurations.Configurations = new List<SamlConfiguration>()
    {
        new SamlConfiguration()
        {
            LocalIdentityProviderConfiguration = localIdentityProvider,
            PartnerServiceProviderConfigurations = new List<PartnerServiceProviderConfiguration>()
            {
                partnerServiceProvider
            }
        }
    };
}
Updating SAML Configuration
The current SAML configuration may be accessed through dependency injection using IOptionsMonitor&lt;SamlConfigurations&gt;; the configuration object is exposed by the monitor's CurrentValue property.
Updating the configuration in this way is intended for infrequent changes. For scenarios requiring frequent or per-request configuration changes, ISamlConfigurationResolver should be used instead.
The following is an example of accessing and updating the in-memory SAML configuration. Because such an update changes which partner providers the application federates with, an endpoint that performs it must be reachable only by authorized administrators.
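// Exposes an action that appends a partner identity provider to the in-memory
// SAML configuration obtained from IOptionsMonitor<SamlConfigurations>.
public class SamlController : Controller
{
    private readonly SamlConfigurations _samlConfigurations;

    // IOptionsMonitor<T> exposes the live options through CurrentValue; the
    // monitor has no Value member (that belongs to IOptions<T>), so the
    // original `.Value` did not compile.
    public SamlController(IOptionsMonitor<SamlConfigurations> samlConfigurations)
    {
        _samlConfigurations = samlConfigurations.CurrentValue;
    }

    // Adds a second partner identity provider to the first SAML configuration
    // and returns an empty response.
    //
    // NOTE(review): this action changes which partner identity providers the
    // application federates with and carries no authorization attribute. It
    // must be restricted to administrators (e.g. [Authorize] with an admin
    // policy) before it is reachable in a deployed application.
    //
    // NOTE(review): the configuration lists are plain List<T> instances shared
    // across requests; concurrent updates, or an update racing a read on
    // another request, are not synchronized here.
    public Task<IActionResult> UpdateConfiguration()
    {
        // Give a clear failure when nothing has been registered instead of
        // First()'s generic "sequence contains no elements".
        var samlConfiguration = _samlConfigurations.Configurations.FirstOrDefault()
            ?? throw new InvalidOperationException("No SAML configuration has been registered.");

        // A configuration created without partner identity providers would
        // otherwise fail with a NullReferenceException on Add.
        samlConfiguration.PartnerIdentityProviderConfigurations ??= new List<PartnerIdentityProviderConfiguration>();

        samlConfiguration.PartnerIdentityProviderConfigurations.Add(new PartnerIdentityProviderConfiguration()
        {
            Name = "https://ExampleIdentityProvider2",
            Description = "Example Identity Provider 2",
            SingleSignOnServiceUrl = "https://localhost:44314/SAML/SingleSignOnService",
            SingleLogoutServiceUrl = "https://localhost:44314/SAML/SingleLogoutService",
            PartnerCertificates = new List<Certificate>()
            {
                new Certificate()
                {
                    FileName = "certificates/idp2.cer"
                }
            }
        });

        // Nothing is awaited, so return a completed task rather than declaring
        // an async method with no await (compiler warning CS1998).
        return Task.FromResult<IActionResult>(new EmptyResult());
    }
}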