Our SAML Identity Provider component is backed by three kinds of data:
- Service Provider Data - The configuration data of the partner Service Providers
- Artifact Data - The HTTP Artifact exchange data. This data includes sensitive SAML messages that are exchanged via the backchannel using HTTP Artifact Binding.
- Temporary SAML Message Data - The SAML messages sent to the component that are too large to be passed via query parameters.

This data is accessed dynamically at runtime using services in the DI container. The store interfaces are designed to abstract access to the data. This gives you the flexibility to implement these interfaces yourself, allowing you to use any database of your choice.
We provide EntityFramework Core implementations for relational databases by default. This means that you can use any EF-supported database with our component.
When using EntityFramework, we recommend initializing your database and running migrations following the advice in the EntityFramework Core Migrations documentation.
The temporary data storage method depends on which identity provider framework you are using. IdentityServer deployments leverage the persisted grants table, whereas OpenIddict deployments require an additional DbContext to be configured. For more information, see our provider-specific documentation for Duende IdentityServer and OpenIddict.