Shibboleth and .NET

3

14

I've got a requirement that an ASP.NET web app use Shibboleth for the authentication. Has anyone done this before? Are there libraries out there to support the method calls? Or is this a Java-only thing?

Arvo answered 21/8, 2009 at 20:1 Comment(3)
I thought Shibboleth was one of the elder gods. Apparently he authenticates people? - Precincts
I would be interested if you have found a .NET solution for this. - Ealing
I haven't done this for .NET, but you might get some ideas reading through my Objective-C implementation for the iPhone. - Schlesinger
9

It's definitely not a Java-only thing; there's an Apache module available for download on the Shibboleth site.

I don't know if there's anything specific for .NET.

We implemented Shibboleth a while back and we originally tried to use the Java solutions - it was a nightmare. The Java apps were badly written, buggy and badly documented. It was hassle after hassle and we eventually decided to use the Apache module on a dedicated server and forward successfully authenticated users onto our Tomcat app. The Apache module was a breeze to set up, configure and get working.

Don't know if you've already realised but the Shib documentation and website are incredibly hard to navigate - it's a fight to find any useful information. I did go and look for a .NET implementation on there but gave up!

If our Java experiences are anything to go by I would seriously suggest setting up an Apache server with the Shibboleth module installed and saving yourself a world of pain.

This is a good site for testing your Shibboleth install once you have it set up: http://www.testshib.org/testshib-two/index.jsp

If you do find a good .NET solution then I'd be very interested to hear about it. Good luck!

Fellini answered 21/8, 2009 at 20:21 Comment(1)
Link is (unsurprisingly) broken. Go here instead: samltest.id - Oho
7

I know this is a really old question, but I thought I might be able to do a bit better expanding for those who are finding the answers from Google.

As recommended above, you really want to configure your web server to load a module. The hard part of Shibboleth is the configuration file, but assuming someone else in your organization has utilized Shibboleth you can use theirs as a template and it's fairly easy.

For .NET based authentication, you'll need to configure Shibboleth in IIS. The default configuration for IIS creates a directory called /secure, and anything put under there will require Shibboleth authentication (i.e. it will redirect to the identity provider). You can configure it to cover other directories or even do lazy authentication.

Once you have the authentication piece in place, you can check headers to "read" the information the identity provider is passing to you. IIS handles things a bit differently than Apache, but it's still pretty easy. If you just want username you could use HTTP_REMOTEUSER although there could be better options; i.e. Ohio State University recommends using the eduPersonPrincipalName.

Disposition answered 2/7, 2010 at 11:43 Comment(2)
This is what I have done with Shibboleth. The only configuration was the Shibboleth XML, and the Discovery template. I agree, the documentation is difficult for someone with limited Apache knowledge, or someone doing it the first time. - Satirical
I know this is an old question, but what if it's a .NET MVC web service hosted on an Azure Web app? Our goal is to restrict who can call the service to SSO (SAML/Shib) authenticated users. - Thiazine
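
The header check described in the answer above, as an added C# example that is not part of the original answer or of Shibboleth itself. It assumes the SP's attribute map publishes eduPersonPrincipalName under the id `eppn` (surfaced to ASP.NET as `HTTP_EPPN`) and uses a hypothetical trusted scope, `example.edu`; the class and method names are also illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.Specialized;

public static class ShibIdentity
{
    // Assumption: the SP attribute map publishes eduPersonPrincipalName under
    // the id "eppn", which ASP.NET then exposes as HTTP_EPPN.
    const string EppnVariable = "HTTP_EPPN";
    // Variable named in the answer above; used only when no eppn is released.
    const string RemoteUserVariable = "HTTP_REMOTEUSER";
    // Hypothetical allow-list of eppn scopes this application accepts.
    static readonly HashSet<string> TrustedScopes =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "example.edu" };

    // Returns the principal, or null when no usable identity is present.
    public static string Resolve(NameValueCollection serverVariables)
    {
        string eppn = FirstValue(serverVariables[EppnVariable]);
        if (eppn != null)
            return HasTrustedScope(eppn) ? eppn : null; // fail closed
        return FirstValue(serverVariables[RemoteUserVariable]);
    }

    // The SP joins multiple attribute values with ';', so keep the first one.
    static string FirstValue(string raw)
    {
        if (string.IsNullOrWhiteSpace(raw)) return null;
        string[] parts = raw.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
        string first = parts.Length == 0 ? "" : parts[0].Trim();
        return first.Length == 0 ? null : first;
    }

    // An eppn has the form local@scope: exactly one '@' and a non-empty local part.
    static bool HasTrustedScope(string eppn)
    {
        int at = eppn.IndexOf('@');
        return at > 0 && at == eppn.LastIndexOf('@')
            && TrustedScopes.Contains(eppn.Substring(at + 1));
    }

    public static void Main()
    {
        // Constructed sample values; in a page, pass Request.ServerVariables.
        var vars = new NameValueCollection { { "HTTP_EPPN", "jdoe@example.edu" } };
        Console.WriteLine(Resolve(vars) ?? "(no identity)");
        vars["HTTP_EPPN"] = "jdoe@untrusted.example";
        Console.WriteLine(Resolve(vars) ?? "(no identity)");
    }
}
```

These values are only meaningful on paths the Shibboleth module protects; on an unprotected path the same header names can be supplied by the client.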
5

As MatthewMartin says, Shibboleth is just a SAML server; Windows Identity Foundation supports SAML, as explained in this blog post.

Ding answered 6/6, 2012 at 8:38 Comment(2)
The links to download the CTP are now dead. - Botti
Pretty sure WIF has been pulled into the dotnet framework DLLs. All of the WS Fed stuff is mixed in with OWIN/Katana. - Excisable
