jitbit / AspNetSaml

Very simple SAML 2.0 consumer module for ASP.NET/C#
https://www.jitbit.com
Apache License 2.0

Multiple IDP initiated request support? #84

Closed gabephudson closed 1 year ago

gabephudson commented 1 year ago

First of all, thanks for providing a simple SAML SP consumption library! This is not an issue, but more of a question.

Our application needs to support multiple IDPs and also needs to support IDP initiated SSO, where the user logs in to their IDP first, and that IDP then initiates a request to our application for authentication. (Typically, this is done by the user clicking on an icon in their corporate IDP dashboard. A SAML request is then sent to our consumer endpoint).

So that said, we will only be looking at implementing the landing page (step 2 in your docs) where we consume the SAML request. However, because we have multiple client IDPs that can post to this address, how can we determine the ID of the IDP making the request (their certificate will be pulled from a DB config once we know which one to pull)?

Looking at the code, it doesn't appear possible to parse the IDP id before we attempt to validate the response with a certificate. Is this correct?

gabephudson commented 1 year ago

P.S. I have updated the BaseResponse and Response classes to not require a certificate in the constructor, and added the following method to the Response class:

```csharp
public string GetIssuer()
{
    // Reads the top-level Response issuer (the IdP's entityID) so the matching
    // certificate can be looked up before the signature is validated.
    XmlNode node = _xmlDoc.SelectSingleNode("/samlp:Response/saml:Issuer", _xmlNameSpaceManager);
    return node?.InnerText;
}
```

Just want to make sure this is an appropriate approach before I go down the rabbit hole of modifying further. ;)

gabephudson commented 1 year ago

I proceeded with the above and am able to support SP and IdP initiated SSO. :)
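As an added example (not the project's own code, and not the method gabephudson posted), here is a standalone helper for the multi-IdP landing page: it decodes the posted SAMLResponse, reads /samlp:Response/saml:Issuer before any certificate is chosen, looks that issuer up in a table standing in for the DB config, and only then hands the selected certificate to the library's validation. The `IdpResolver` class, the lookup table, and the placeholder certificate strings are assumptions; the `Saml.Response(cert, base64)` constructor and `IsValid()` are the library's documented calls.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Text;
using System.Xml;

// Hypothetical helper: identify the sending IdP from the untrusted response,
// then select its certificate. Validation still happens afterwards.
public static class IdpResolver
{
    // Constructed table standing in for the DB config: IdP entityID -> signing cert (Base64).
    private static readonly Dictionary<string, string> IdpCertificates = new()
    {
        ["https://idp.example-corp.test/metadata"] = "<PLACEHOLDER-CERT-A>",
        ["https://login.other-tenant.test/saml"] = "<PLACEHOLDER-CERT-B>",
    };

    // Extracts the Issuer from a Base64-encoded SAMLResponse without trusting it yet.
    public static string GetIssuer(string samlResponseBase64)
    {
        var xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseBase64));

        // Parse defensively: no DTDs, no external entity resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using var reader = XmlReader.Create(new StringReader(xml), settings);
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.Load(reader);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");

        // Only the top-level Response issuer; the assertion's Issuer is checked by validation later.
        return doc.SelectSingleNode("/samlp:Response/saml:Issuer", ns)?.InnerText.Trim();
    }

    // Returns the certificate configured for this issuer, or null if the IdP is unknown.
    public static string ResolveCertificate(string samlResponseBase64)
    {
        var issuer = GetIssuer(samlResponseBase64);
        if (string.IsNullOrEmpty(issuer)) return null;
        return IdpCertificates.TryGetValue(issuer, out var cert) ? cert : null;
    }
}

// In the consumer endpoint (hypothetical usage):
//   var b64 = Request.Form["SAMLResponse"];
//   var cert = IdpResolver.ResolveCertificate(b64);
//   if (cert == null) return Unauthorized();        // unknown issuer: reject rather than guess a cert
//   var response = new Saml.Response(cert, b64);
//   if (!response.IsValid()) return Unauthorized(); // signature verified with the selected IdP's cert
```

The issuer read here is only used to pick a certificate; nothing from the response is trusted until `IsValid()` has passed with that certificate.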