Step-by-Step Guide - Service Provider
This section walks you through the recommended steps for enabling your web application to act as a service provider and support SAML SSO with partner identity providers.
Creating a Certificate
An X.509 certificate and its private key are required if SAML messages sent by your service provider are to be signed or SAML assertions are to be encrypted.
If you're supporting SP-initiated SSO or SLO, we recommend signing the associated SAML messages.
Use the CreateSelfSignedCert console application to create a self-signed certificate.
For more information, refer to the Certificates section.
Creating the Local Service Provider Configuration
SAML configuration is used to specify the local service provider. The Configuration section describes the various alternatives for specifying SAML configuration. Here we will use the simplest approach, which is to store the SAML configuration in your application's saml.config file.
Use the CreateConfiguration console application to create a saml.config.
For more information, refer to the Configuration section.
Exporting the Local Service Provider Metadata
SAML metadata is the standard format for exchanging configuration information between SAML providers. SAML metadata is supplied to partner providers so they can update their internal configuration to support SSO.
Use the ExportMetadata console application to generate the SAML metadata.
Share the SAML metadata with your partner provider(s). You could make the metadata available for download from a URL or supply it directly to the partner provider.
For more information, refer to the Metadata section.
Importing the Partner Identity Provider Metadata
SAML metadata supplied by partner providers is used to update your SAML configuration with the partner identity provider's settings.
Use the ImportMetadata console application to update the SAML configuration.
For more information, refer to the Metadata section.
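The export and import steps above both deal with the standard SAML 2.0 metadata format (the OASIS EntityDescriptor). The following Python script is an added example, not code from this guide or from the ExportMetadata and ImportMetadata applications: it builds a minimal service provider EntityDescriptor from the values a partner needs (entity ID, assertion consumer service, single logout service, signing certificate) and reads a partner identity provider EntityDescriptor, applying the checks you would want before trusting imported metadata (not past validUntil, carries a signing certificate, uses HTTPS endpoints, offers a usable SingleSignOnService binding). The entity IDs, URLs and base64 certificate strings are constructed placeholders, and the script works on the OASIS metadata schema, not on the saml.config format.

```python
"""Added example (not the product's own code): build SP metadata and read partner
IdP metadata using only the standard SAML 2.0 metadata schema and the stdlib."""
import base64
import datetime as dt
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD_NS)
ET.register_namespace("ds", DS_NS)

# Constructed placeholders: not real certificates. A real export embeds the
# base64 DER of the SP's X.509 certificate here.
SP_CERT_B64 = base64.b64encode(b"placeholder-sp-certificate-der").decode()
IDP_CERT_B64 = base64.b64encode(b"placeholder-idp-certificate-der").decode()


def build_sp_metadata(entity_id, acs_url, slo_url, signing_cert_b64, sign_requests=True):
    """Return SP metadata XML (bytes): what the export step hands to partners."""
    root = ET.Element(f"{{{MD_NS}}}EntityDescriptor", {"entityID": entity_id})
    sp = ET.SubElement(root, f"{{{MD_NS}}}SPSSODescriptor", {
        "protocolSupportEnumeration": "urn:oasis:names:tc:SAML:2.0:protocol",
        "AuthnRequestsSigned": str(sign_requests).lower(),  # we sign SP-initiated requests
        "WantAssertionsSigned": "true",                     # and insist on signed assertions
    })
    kd = ET.SubElement(sp, f"{{{MD_NS}}}KeyDescriptor", {"use": "signing"})
    ki = ET.SubElement(kd, f"{{{DS_NS}}}KeyInfo")
    x509 = ET.SubElement(ki, f"{{{DS_NS}}}X509Data")
    ET.SubElement(x509, f"{{{DS_NS}}}X509Certificate").text = signing_cert_b64
    ET.SubElement(sp, f"{{{MD_NS}}}SingleLogoutService",
                  {"Binding": REDIRECT, "Location": slo_url})
    ET.SubElement(sp, f"{{{MD_NS}}}AssertionConsumerService",
                  {"Binding": POST, "Location": acs_url, "index": "0", "isDefault": "true"})
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def parse_idp_metadata(xml_bytes, now=None):
    """Extract what an SP needs from partner IdP metadata and refuse unsafe input.

    Returns a dict with entity_id, sso/slo endpoints by binding and signing certs;
    raises ValueError for conditions that should block the import.
    """
    now = now or dt.datetime.now(dt.timezone.utc)
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not a SAML EntityDescriptor")
    valid_until = root.get("validUntil")
    if valid_until:
        expires = dt.datetime.fromisoformat(valid_until.replace("Z", "+00:00"))
        if expires <= now:
            raise ValueError(f"metadata expired at {valid_until}")
    idp = root.find(f"{{{MD_NS}}}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: partner is not an identity provider")
    sso = {e.get("Binding"): e.get("Location")
           for e in idp.findall(f"{{{MD_NS}}}SingleSignOnService")}
    slo = {e.get("Binding"): e.get("Location")
           for e in idp.findall(f"{{{MD_NS}}}SingleLogoutService")}
    certs = []
    for kd in idp.findall(f"{{{MD_NS}}}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing and encryption
            continue
        for c in kd.iter(f"{{{DS_NS}}}X509Certificate"):
            certs.append("".join((c.text or "").split()))  # strip PEM-style line wrapping
    if not certs:
        raise ValueError("no signing certificate: assertion signatures could not be verified")
    for location in list(sso.values()) + list(slo.values()):
        if not location.lower().startswith("https://"):
            raise ValueError(f"non-HTTPS endpoint in metadata: {location}")
    if not any(binding in sso for binding in (REDIRECT, POST)):
        raise ValueError("no usable SingleSignOnService binding")
    return {"entity_id": root.get("entityID"), "sso": sso, "slo": slo, "signing_certs": certs}


# Constructed sample of what a partner IdP might publish (placeholder values).
SAMPLE_IDP_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="{MD_NS}" xmlns:ds="{DS_NS}"
    entityID="https://idp.example.test/saml" validUntil="2035-01-01T00:00:00Z">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>{IDP_CERT_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="{REDIRECT}" Location="https://idp.example.test/saml/slo"/>
    <md:SingleSignOnService Binding="{REDIRECT}" Location="https://idp.example.test/saml/sso"/>
    <md:SingleSignOnService Binding="{POST}" Location="https://idp.example.test/saml/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>""".encode()

if __name__ == "__main__":
    print(build_sp_metadata("https://sp.example.test/saml", "https://sp.example.test/saml/acs",
                            "https://sp.example.test/saml/slo", SP_CERT_B64).decode())
    print(parse_idp_metadata(SAMPLE_IDP_METADATA))
```

Rejecting metadata with no signing certificate is deliberate: a partner entry without one leaves the service provider unable to verify assertion signatures, which is the whole basis of trusting the identity provider. The validUntil check matters for the same reason, since expired metadata is a common way for stale keys to stay in a configuration long after the partner has rotated them.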
Updating the Application Code
The SAML API section describes the various SAML APIs to support SSO and SLO flows when acting as the service provider.
The Examples section lists the various example projects. These are a good starting point for understanding how to call the SAML API.
Update your application to call the SAML API to enable SAML SSO.
Testing SAML SSO
Before testing, ensure the following have been completed:
- Your application's saml.config has been created.
- The local and partner certificate files are correctly referenced in the SAML configuration.
- Your application has been updated to call the SAML API.
- The partner provider has imported your SAML metadata and is ready.