Skip to content

SAML API

The SAML API supports web applications acting as either a SAML service provider (SP) or identity provider (IdP), and participating in SAML single sign-on (SSO) and single logout (SLO).

For full details of all public APIs, refer to the API reference.

Middleware vs API

When adding SSO support to your application, you have a choice between:

Approach When to Use Key Benefits
SAML middleware - Standard SSO integration
- Minimal application code		 - Standard authentication model
- Fewer lines of code
SAML API - Custom SSO/SLO flows
- More control
- Reduce HTTP redirects		 - Greater control over SSO and SLO
- Can optimize HTTP flow

Either approach is valid and, if required, switching between the two is relatively straightforward.

If you are unsure which approach to take, we generally recommend calling the SAML API directly.

Initialization

The following code adds the SAML services and specifies the SAML configuration.

// Add SAML services.
builder.Services.AddSaml(builder.Configuration.GetSection("SAML"));

Refer to the Configuration section for more options.

ISamlServiceProvider

The ISamlServiceProvider interface supports SAML SSO and SLO when acting as the service provider.

ISamlIdentityProvider

The ISamlIdentityProvider interface supports SAML SSO and SLO when acting as the identity provider.