Closed eaviran1 closed 9 years ago
The metadata is created automatically at ~/AuthServices. The default Owin sample application at http://localhost:57294/ has the metadata available at http://localhost:57294/AuthServices (the link on the first page of the sample application).
Thanks. But where exactly do you build it in code? Looking at the code, it's a bit complicated to understand. Each time it's issued with another EntityDescriptor ID.
<EntityDescriptor ID="_9370092d-c148-44de-82c4-80c86b0bb183"
entityID="http://localhost:57294/AuthServices"
cacheDuration="PT1H"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
<Extensions>
<DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
Location="http://localhost:57294/AuthServices/SignIn"
index="0" isDefault="true"
xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"/>
</Extensions>
<SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:57294/AuthServices/Acs" index="0" isDefault="true"/>
<AttributeConsumingService index="0" isDefault="true">
<ServiceName xml:lang="en">AuthServices</ServiceName>
<RequestedAttribute Name="urn:someName" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Some Name"/>
<RequestedAttribute Name="Minimal" isRequired="false"/>
</AttributeConsumingService>
</SPSSODescriptor>
<Organization>
<OrganizationName xml:lang="sv-SE">Kentor</OrganizationName>
<OrganizationDisplayName xml:lang="sv-SE">Kentor IT AB</OrganizationDisplayName>
<OrganizationURL xml:lang="sv-SE">http://www.kentor.se/</OrganizationURL>
</Organization>
<ContactPerson contactType="technical">
<EmailAddress>authservices@example.com</EmailAddress>
</ContactPerson>
<ContactPerson contactType="support">
<EmailAddress>support@example.com</EmailAddress>
</ContactPerson>
</EntityDescriptor>
I changed the email in Startup.Auth.cs:
var techContact = new ContactPerson
{
Type = ContactType.Technical
};
techContact.EmailAddresses.Add("eitan.aviran@gameffective.com");
spOptions.Contacts.Add(techContact);
but still it comes from defaults you probably have. The same for the organization name: no effect.
Thanks for any help given
As for the SP metadata generated, it does not include the X.509 certificate. To my understanding it should be something like the attached file.
I will be happy for any help provided.
Regards, Eitan Aviran
From: Albin Sunnanbo [mailto:notifications@github.com] Sent: Tuesday, July 7, 2015 9:12 PM To: KentorIT/authservices Cc: Eitan Aviran Subject: Re: [authservices] Create my own SP metadata (#265)
Usually the easiest way to configure AuthServices is in web.config; you can configure the Owin middleware the same way as the MVC controller, see https://github.com/KentorIT/authservices/blob/master/doc/OwinMiddleware.md and https://github.com/KentorIT/authservices/blob/master/doc/Configuration.md
Generally I find the MVC controller easier to follow. The entry points are more obvious. All three modules use the same backend. In the metadata case, look at the MetadataCommand.
Each time it's issued with another EntityDescriptor ID.
As far as I can understand from http://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf section 2.3.2, the ID attribute should vary. You should probably be looking at the entityID attribute.
but still it comes from defaults you probably have.
I tried to change to techContact.EmailAddresses.Add("eitan.aviran@gameffective.com");
and my metadata becomes
<EntityDescriptor ID="_8f22deec-b642-408a-bc36-8dd707e0c562"
    entityID="http://localhost:57294/AuthServices"
    cacheDuration="PT1H"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">
  <Extensions>
    <DiscoveryResponse Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"
        Location="http://localhost:57294/AuthServices/SignIn"
        index="0" isDefault="true"
        xmlns="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol"/>
  </Extensions>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://localhost:57294/AuthServices/Acs" index="0" isDefault="true"/>
    <AttributeConsumingService index="0" isDefault="true">
      <ServiceName xml:lang="en">AuthServices</ServiceName>
      <RequestedAttribute Name="urn:someName" isRequired="true" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" FriendlyName="Some Name"/>
      <RequestedAttribute Name="Minimal" isRequired="false"/>
    </AttributeConsumingService>
  </SPSSODescriptor>
  <Organization>
    <OrganizationName xml:lang="sv-SE">Kentor</OrganizationName>
    <OrganizationDisplayName xml:lang="sv-SE">Kentor IT AB</OrganizationDisplayName>
    <OrganizationURL xml:lang="sv-SE">http://www.kentor.se/</OrganizationURL>
  </Organization>
  <ContactPerson contactType="technical">
    <EmailAddress>eitan.aviran@gameffective.com</EmailAddress>
  </ContactPerson>
  <ContactPerson contactType="support">
    <EmailAddress>support@example.com</EmailAddress>
  </ContactPerson>
</EntityDescriptor>
It looks like it has been updated.
As for the SP metadata generated, it does not include the X.509 certificate.
This is only relevant for signed AuthnRequests, but that is not implemented yet: https://github.com/KentorIT/authservices/issues/95
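The two points made in this thread (the ID attribute is expected to change between fetches while entityID is the stable identifier, and the generated SP metadata carries no KeyDescriptor/X.509 certificate) are the kind of thing an IdP operator checks before importing SP metadata. The following is an added example, not code from the authservices project: a small Python parser for a SAML 2.0 SP EntityDescriptor plus a review function that reports missing certificates, non-HTTPS AssertionConsumerService endpoints and missing contacts. The metadata documents embedded in it are constructed samples modelled on the ones posted above; the certificate value in the third sample is a placeholder, not a real certificate.

```python
"""Added example: parse and review SAML 2.0 SP metadata as an IdP operator would.

Not part of Kentor AuthServices. The SAMPLE_* documents are constructed for
this example (IDs/entityIDs modelled on the thread; the X509Certificate value
is a placeholder string, not a real certificate).
"""
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"


def _q(tag, ns=MD):
    # ElementTree uses Clark notation: {namespace}localname
    return "{%s}%s" % (ns, tag)


# First fetch of the sample SP's metadata (constructed, modelled on the thread).
SAMPLE_FETCH_1 = """<EntityDescriptor ID="_9370092d-c148-44de-82c4-80c86b0bb183"
    entityID="http://localhost:57294/AuthServices" cacheDuration="PT1H"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://localhost:57294/AuthServices/Acs" index="0" isDefault="true"/>
  </SPSSODescriptor>
  <Organization><OrganizationName xml:lang="sv-SE">Kentor</OrganizationName></Organization>
  <ContactPerson contactType="technical"><EmailAddress>authservices@example.com</EmailAddress></ContactPerson>
</EntityDescriptor>"""

# Second fetch of the same SP: only the document-local ID attribute differs.
SAMPLE_FETCH_2 = SAMPLE_FETCH_1.replace(
    "_9370092d-c148-44de-82c4-80c86b0bb183", "_8f22deec-b642-408a-bc36-8dd707e0c562")

# A production-style SP: HTTPS endpoint and a signing certificate (placeholder value).
SAMPLE_WITH_CERT = """<EntityDescriptor ID="_constructed-id-0001"
    entityID="https://sp.example.com/AuthServices" cacheDuration="PT1H"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIB...placeholder</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.com/AuthServices/Acs" index="0" isDefault="true"/>
  </SPSSODescriptor>
  <ContactPerson contactType="technical"><EmailAddress>sp-admin@example.com</EmailAddress></ContactPerson>
</EntityDescriptor>"""


def parse_sp_metadata(xml_text):
    """Extract the fields an IdP keys on from an SP EntityDescriptor."""
    root = ET.fromstring(xml_text)
    if root.tag != _q("EntityDescriptor"):
        raise ValueError("not an EntityDescriptor: %s" % root.tag)
    sp = root.find(_q("SPSSODescriptor"))
    if sp is None:
        raise ValueError("no SPSSODescriptor in metadata")
    acs = [{"binding": e.get("Binding"), "location": e.get("Location") or "",
            "index": int(e.get("index", "0")), "default": e.get("isDefault") == "true"}
           for e in sp.findall(_q("AssertionConsumerService"))]
    contacts = {c.get("contactType"): [(e.text or "").strip() for e in c.findall(_q("EmailAddress"))]
                for c in root.findall(_q("ContactPerson"))}
    org = root.find(_q("Organization"))
    org_name = org.findtext(_q("OrganizationName"), default="").strip() if org is not None else None
    certs = [k.findtext(".//" + _q("X509Certificate", DS), default="").strip()
             for k in sp.findall(_q("KeyDescriptor"))]
    return {"id": root.get("ID"), "entity_id": root.get("entityID"),
            "cache_duration": root.get("cacheDuration"), "acs": acs,
            "contacts": contacts, "organization": org_name,
            "certificates": [c for c in certs if c]}


def review_sp_metadata(info):
    """Findings an IdP operator should resolve before trusting the SP."""
    findings = []
    if not info["entity_id"]:
        findings.append("missing entityID")
    if not info["certificates"]:
        findings.append("no KeyDescriptor: IdP cannot verify signed AuthnRequests "
                        "or encrypt assertions for this SP")
    for a in info["acs"]:
        if not a["location"].lower().startswith("https://"):
            findings.append("ACS endpoint is not HTTPS: %s" % a["location"])
    if "technical" not in info["contacts"]:
        findings.append("no technical contact")
    return findings


def same_entity(meta_a, meta_b):
    """Two fetches describe the same SP when entityID matches; the ID attribute is a
    document-local identifier (SAML metadata 2.3.2) and is allowed to differ."""
    return meta_a["entity_id"] == meta_b["entity_id"]


if __name__ == "__main__":
    first, second = parse_sp_metadata(SAMPLE_FETCH_1), parse_sp_metadata(SAMPLE_FETCH_2)
    print("same SP across fetches:", same_entity(first, second), "(IDs differ:", first["id"] != second["id"], ")")
    for name, doc in (("sample SP", SAMPLE_FETCH_1), ("SP with cert", SAMPLE_WITH_CERT)):
        print(name, "->", review_sp_metadata(parse_sp_metadata(doc)) or ["ok"])
```

Run against the first two samples the review flags the missing KeyDescriptor and the plain-HTTP ACS endpoint (both fine for a localhost sample, both worth rejecting in production), while the two fetches are still recognised as the same SP because entityID is unchanged. The third sample passes with no findings.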
Hi, can you help me with creating my own SP metadata in an SP-initiated SSO? Let's say my site is http://localhost:2944 and I want to send the IdP my SP metadata so it will send the assertion to my local website made with Visual Studio MVC 5. How do I configure that in the SampleOwinApplication? Thanks...