Getting started with Symplified.Auth

roycornelissen (US; Insider, University, Developer Group Leader)

Hi,

I have a scenario in which the Symplified.Auth component would be a great fit. The app we're building has to authenticate against an ADFS 2.0 SAML endpoint, so I downloaded the Symplified.Auth component to give it a try.

The first problem I'm running into is that the FederationMetadata from the ADFS server fails to load:

        XmlDocument xDoc = new XmlDocument();
        xDoc.PreserveWhitespace = true;
        xDoc.Load(Assets.Open("FederationMetadata.xml"));
        Saml20MetadataDocument idpMetadata = new Saml20MetadataDocument(xDoc); // EXCEPTION!

The exception is:

        dk.nita.saml20.Saml20Exception: "Metadata signature could not be verified."

The metadata file I got comes directly from ADFS and should be valid, so I don't understand why the signature would be invalid. Do I need additional info in the app in order to verify the signature? The sample XML from Symplified is not signed, so that runs fine, but not with a real-world case :)

Next, the component handles all authentication in the app on the device. Now I want to use this token to authenticate and authorize the user against my backend API (ASP.NET WebApi 2). Any best practices for that? Do I just use WIF for that?

Posts

  • MichaelGile (US; Member)

    Hi Roy,

    ADFS has some quirks that are non-standard that we've found cause trouble with other SAML federation products. Microsoft has acknowledged these and published a guide that walks through the interoperability steps to get ADFS to play nice with the rest of the SAML products on the market. I've attached the document to this comment, and the direct download link from Microsoft is below:

    .docx URL
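
An added example, not part of the thread and not Symplified.Auth or dk.nita.saml20 code: one way to check a signed FederationMetadata.xml independently with `System.Security.Cryptography.Xml`, printing the algorithms the signature uses and trusting the result only if the signing certificate matches a pin. It assumes an enveloped signature with an embedded `X509Certificate`; `MetadataSignatureCheck`, `Verify` and `pinnedThumbprint` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Xml;

static class MetadataSignatureCheck
{
    // pinnedThumbprint is a hypothetical parameter: the thumbprint of the IdP
    // signing certificate, obtained out of band rather than from the file.
    public static bool Verify(XmlDocument doc, string pinnedThumbprint)
    {
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);
        XmlElement root = doc.DocumentElement;

        // Only accept an enveloped signature that is a direct child of the root.
        var sig = root.SelectSingleNode("ds:Signature", ns) as XmlElement;
        var certNode = sig?.SelectSingleNode("ds:KeyInfo/ds:X509Data/ds:X509Certificate", ns);
        if (sig == null || certNode == null) return false;

        // Show which algorithms the runtime is being asked to support.
        Console.WriteLine("SignatureMethod: " +
            sig.SelectSingleNode("ds:SignedInfo/ds:SignatureMethod/@Algorithm", ns)?.Value);
        Console.WriteLine("DigestMethod:    " +
            sig.SelectSingleNode("ds:SignedInfo/ds:Reference/ds:DigestMethod/@Algorithm", ns)?.Value);

        // The embedded certificate proves integrity only; trust comes from the pin.
        var cert = new X509Certificate2(Convert.FromBase64String(certNode.InnerText));
        if (!string.Equals(cert.Thumbprint, pinnedThumbprint, StringComparison.OrdinalIgnoreCase))
            return false;

        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sig);

        // The single reference must cover the whole document (root ID or empty URI).
        if (signedXml.SignedInfo.References.Count != 1) return false;
        string uri = ((Reference)signedXml.SignedInfo.References[0]).Uri;
        if (uri != "" && uri != "#" + root.GetAttribute("ID")) return false;

        return signedXml.CheckSignature(cert, true); // true: signature only, no chain build
    }

    static void Main(string[] args)
    {
        // args[0]: path to FederationMetadata.xml, args[1]: pinned thumbprint
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        doc.Load(args[0]);
        Console.WriteLine(Verify(doc, args[1]) ? "signature valid" : "signature rejected");
    }
}
```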
