What should go into the "Issuer" field?

jitbit / AspNetSaml

Very simple SAML 2.0 consumer module for ASP.NET/C#

https://www.jitbit.com

Apache License 2.0

361 stars 118 forks source link

What should go into the "Issuer" field? #37

Closed chtenb closed 4 years ago

chtenb commented 4 years ago

In the sample code when creating a authentication request, the issuer is set to the application URL.

    var request = new AuthRequest(
        "http://www.myapp.com", //TODO: put your app's "unique ID" here
        "http://www.myapp.com/SamlConsume" //TODO: put Assertion Consumer URL (where the provider should redirect users after authenticating)
        );

I've noticed that when I leave this empty, everything seems to "just work". What is the purpose of this field?

alex-jitbit commented 4 years ago

It's an informational field that defines your app uniquely. It might work, but it makes it hard to look through the logs afterwards.

chtenb commented 4 years ago

Thanks!

chtenb commented 4 years ago

This is also commonly referred to as "entity ID", correct?

alex-jitbit commented 4 years ago

Yes, correct. We should probably rename that field to remove confusion