Shibboleth Web Applications
After successfully installing the UltimateSaml for SAML v2.0 setup package you will see ten web sample projects in the folder WebForms\C# for C# and WebForms\VB.NET for VB.NET (By default UltimateSaml is installed in folder C:\Atp with Vista, 2008 and above, C:\Program files\Atp with XP, 2003, 2000). To run these web sample projects, open the solution file Saml2_Shibboleth_WebDemo.XXXX.sln for C# or Saml2_Shibboleth_WebDemoVB.XXXX.sln for VB.NET, and then select Saml2Shibboleth.IdentityProviderWebDemo or Saml2Shibboleth.ServiceProviderWebDemo.
These applications may also be used to demonstrate interoperability with Shibboleth. Shibboleth (http://shibboleth.internet2.edu) is an open source SSO software package using Java and C++ technologies. Installation and configuration of the Shibboleth software is beyond the scope of this document and is not required for this demonstration.
Identity Provider Web Application - Saml2Shibboleth.IdentityProviderWebDemo or Saml2Shibboleth.IdentityProviderWebDemoVB
This sample is configured to run at port 1423 (you can easily change the port number in the project property page). The identity provider web application, in conjunction with Service Provider web application, demonstrates SP initiated single sign-on. The following steps will guide you how to run this sample project:
1. Login to the system with the user name iuser and a password of password.
2. You are now presented with the Identity Provider's default page.
3. Click on the link to access the Service Provider site. You should be presented with the Service Provider's default page.
You have successfully completed a SAML 2.0 Single Sign-On and are logged in at the Service Provider with your Identity Provider user name.
How to configure?
You can easily configure the ID Provider web application by modifying the settings within its web.config file's <appSettings> section:
- ServiceProviderUrl: The URL of the service provider site. Default value is http://localhost:1424.
- AssertionServiceSamlBinding: The binding to use when communicating to the service provider. Default value is urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST.
- AssertionServiceUrlHttpPost: The URL of the service provider’s assertion consumer service when using the HTTP POST binding. Default value is http://localhost:1424/AssertionService.aspx?binding=post.
- AssertionServiceUrlHttpArtifact: The URL of the service provider’s assertion consumer service when using the HTTP Artifact binding. Default value is http://localhost:1424/AssertionService.aspx?binding=artifact.
- ArtifactResolutionUrl: The URL of the service provider’s artifact resolution service. Default value is http://localhost:1424/ArtifactService.aspx.
Service Provider Web Application - Saml2Shibboleth.ServiceProviderWebDemo or Saml2Shibboleth.ServiceProviderWebDemoVB
This sample is configured to run at port 1424 (you can easily change the port number in the project property page). The service provider web application, in conjunction with Identity Provider web application, demonstrates SP initiated single sign-on. You can directly login to the local system by entering credentials (suser/password) and clicking on the Login button (login to SP without Single Sign-On) or follow the steps below to run the application with Single Sign-On (In this scenario, the user is attempting to access a protected resource on the service provider and, rather than performing a local login at the service provider, SSO is initiated with a local login occurring at the identity provider and the asserted identity, passed to the service provider in a SAML assertion, is used to perform an automatic login at the service provider):
1. Click on the Login button under the text Login at the Identity Provider
2. You should then be presented with the Identity Provider's login page as you will be logging in at the identity provider.
3. Login with user name iuser and a password of password. You should then be presented with the service provider's default page.
You have successfully completed a SAML 2.0 Single Sign-On and are logged in at the Service Provider with your Identity Provider user name.
How to configure?
You can easily configure the Service Provider web application by modifying the settings within its web.config file's <appSettings> section:
- SingleSignOnServiceBinding: The binding to use when communicating to the identity provider. Default value is urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect.
- SingleSignOnServiceUrlHttpPost: The URL of the identity provider’s single sign-on service when using the HTTP POST binding. Default value is http://localhost:1423/SingleSignOnService.aspx?binding=post.
- SingleSignOnServiceUrlHttpRedirect: The URL of the identity provider’s single sign-on service when using the HTTP Redirect binding. Default value is http://localhost:1423/SingleSignOnService.aspx?binding=redirect.
- SingleSignOnServiceUrlHttpArtifact: The URL of the identity provider’s single sign-on service when using the HTTP Artifact binding. Default value is http://localhost:1423/SingleSignOnService.aspx?binding=artifact.
- ArtifactServiceUrl: The URL of the identity provider’s artifact resolution service. Default value is http://localhost:1423/ArtifactService.aspx.
