The Rock Solid Knowledge SAML IdP allows you to customize your SSO response.
For configuring the user Name Identifier, please refer to the Configuring NameID page.
For configuring the assertion attributes, please refer to the Claims Mapping and Assertion Attributes page.
For other use cases, you will need to implement `ICustomSamlSingleSignOnGenerator`.
This class performs custom generation logic for SAML Sign-on Response messages.
Some of the use cases for overriding `ICustomSamlSingleSignOnGenerator` include:
- Adding optional information, such as the assertion attribute `NameFormat` and `FriendlyName`
- Customizing the authentication context, `AuthnContext`
```csharp
using System;
using System.Linq;
using System.Threading.Tasks;

public class CustomSamlSingleSignOnGenerator : ICustomSamlSingleSignOnGenerator
{
    public Task<SamlResponse> CreateResponse(SamlResponse response, ValidatedSamlMessage request)
    {
        // Only adjust the response for the service provider that needs it
        if (request.ServiceProvider.EntityId == "sp")
        {
            // Locate the authentication statement in the assertion (may be absent)
            var statement = response.Assertion.Statements.FirstOrDefault(x => x.GetType() == typeof(Saml2AuthenticationStatement));
            var authnStatement = statement as Saml2AuthenticationStatement;
            if (authnStatement != null)
            {
                // Override the AuthnContext class reference reported to this SP
                authnStatement.AuthenticationContext = new Saml2AuthenticationContext(new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
            }
        }
        return Task.FromResult(response);
    }
}
```
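The other use case listed above, adding `NameFormat` and `FriendlyName` to assertion attributes, as an added example (not code from the Rock Solid Knowledge documentation or product). It assumes `response.Assertion` is a Microsoft.IdentityModel `Saml2Assertion`, consistent with the `Saml2AuthenticationStatement` type used in the example above, and the entity id `urn:example:sp` and attribute name `email` are placeholders:

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens.Saml2;

// Added example: decorates assertion attributes for a single service provider.
// Assumption: response.Assertion exposes Microsoft.IdentityModel Saml2 statement types.
public class AttributeFormatSingleSignOnGenerator : ICustomSamlSingleSignOnGenerator
{
    // SAML 2.0 "basic" attribute name format
    private static readonly Uri BasicNameFormat =
        new Uri("urn:oasis:names:tc:SAML:2.0:attrname-format:basic");

    public Task<SamlResponse> CreateResponse(SamlResponse response, ValidatedSamlMessage request)
    {
        // Scope the change to the one SP that requires it; leave every other response untouched.
        // "urn:example:sp" is a placeholder entity id.
        if (request.ServiceProvider.EntityId != "urn:example:sp")
        {
            return Task.FromResult(response);
        }

        foreach (var attributeStatement in response.Assertion.Statements.OfType<Saml2AttributeStatement>())
        {
            foreach (var attribute in attributeStatement.Attributes)
            {
                // Only fill in NameFormat where the mapping left it unset
                if (attribute.NameFormat == null)
                {
                    attribute.NameFormat = BasicNameFormat;
                }

                // Human-readable label for a specific attribute ("email" is a placeholder name)
                if (attribute.Name == "email")
                {
                    attribute.FriendlyName = "Email Address";
                }
            }
        }

        return Task.FromResult(response);
    }
}
```

Keeping the early return for every other SP means the customization cannot accidentally change what unrelated relying parties receive, which is the main thing to check when reviewing a custom generator.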
Lastly, you must register your custom implementation in the DI container.

```csharp
services.AddTransient<ICustomSamlSingleSignOnGenerator, CustomSamlSingleSignOnGenerator>();
```