The Rock Solid Knowledge SAML IdP allows you to customize your metadata document. Some of the common use cases for customizing metadata include:
- Adding Organization and Contact details
- Changing the expiration time of the metadata
- Changing the maximum amount of time a consumer should cache the metadata
- Extending supported NameID formats
- Setting a default SSO endpoint
Metadata Configuration Settings
The startup configuration option Metadata allows you to configure information such as your Organization and Contact details. Check out the IdP configuration options for more details.
    services.AddOpenIddict()
        // Code removed for brevity.
        .AddServer(options =>
        {
            options.AddSamlPlugin(builder =>
            {
                builder.ConfigureSamlOpenIddictServerOptions(serverOptions =>
                {
                    serverOptions.IdpOptions = new SamlIdpOptions
                    {
                        // Organization and Contact details are published in the metadata document.
                        Metadata = new MetadataOptions
                        {
                            OrganizationDetails = new Organization
                            {
                                Name = "RSK",
                                Url = new Uri("https://www.rocksolidknowledge.com/")
                            }
                        }
                    };
                });
            });
        });
Overriding Metadata Generator
If you cannot make the desired customization using the Metadata configuration option, you can override the IIdentityProviderMetadataGenerator. This service generates the metadata configuration before it gets serialized.
    using System;
    using System.Linq;
    using System.Threading.Tasks;

    public class CustomIdentityProviderMetadataGenerator : IIdentityProviderMetadataGenerator
    {
        private readonly IIdentityProviderMetadataGenerator defaultGenerator;

        // Wraps (decorates) the default generator so the built-in metadata is still produced first.
        public CustomIdentityProviderMetadataGenerator(IIdentityProviderMetadataGenerator defaultGenerator)
        {
            this.defaultGenerator = defaultGenerator ?? throw new ArgumentNullException(nameof(defaultGenerator));
        }

        public async Task<SamlEntityDescriptor> GenerateMetadata(string baseUrl, string issuerUri)
        {
            var metadata = await defaultGenerator.GenerateMetadata(baseUrl, issuerUri);

            // Edit the metadata before it is serialized. For example, advertise an additional
            // NameID format on the IdP's single sign-on role descriptor:
            var descriptor = metadata.RoleDescriptors.OfType<IdentityProviderSingleSignOnDescriptor>().First();
            descriptor.NameIdentifierFormats.Add(new Uri(SamlConstants.NameIdentifierFormats.Unspecified));

            return metadata;
        }
    }
Lastly, register your custom implementation in the DI container. You must do this after registering our component, because the DI container will use the last registered implementation of IIdentityProviderMetadataGenerator. For example:
    // The default generator must stay resolvable so the decorator can wrap it.
    services.AddTransient<IdentityProviderMetadataGenerator>();

    // Decorate IdentityProviderMetadataGenerator. Because this is the last registration of
    // IIdentityProviderMetadataGenerator, it is the one the container resolves.
    services.AddTransient<IIdentityProviderMetadataGenerator, CustomIdentityProviderMetadataGenerator>(
        provider => new CustomIdentityProviderMetadataGenerator(
            provider.GetRequiredService<IdentityProviderMetadataGenerator>()));
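As an added example (not code from the RSK documentation or library), the same decorator pattern generalised to a configurable list of NameID formats, with a guard that refuses to publish metadata lacking the IdP SSO role descriptor and a registration helper that keeps the "last registration wins" ordering explicit. It assumes the plugin's namespaces are imported and, as the page's own code implies, that NameIdentifierFormats is a collection of Uri; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical decorator: advertises a configurable set of NameID formats.
// IIdentityProviderMetadataGenerator, SamlEntityDescriptor, IdentityProviderSingleSignOnDescriptor
// and SamlConstants are assumed to come from the SAML plugin's namespaces.
public class NameIdFormatMetadataGenerator : IIdentityProviderMetadataGenerator
{
    private readonly IIdentityProviderMetadataGenerator inner;
    private readonly IReadOnlyList<Uri> formats;

    public NameIdFormatMetadataGenerator(IIdentityProviderMetadataGenerator inner, IEnumerable<string> formats)
    {
        this.inner = inner ?? throw new ArgumentNullException(nameof(inner));
        this.formats = (formats ?? throw new ArgumentNullException(nameof(formats)))
            .Select(f => new Uri(f, UriKind.Absolute)) // reject malformed format identifiers at startup
            .ToList();
    }

    public async Task<SamlEntityDescriptor> GenerateMetadata(string baseUrl, string issuerUri)
    {
        var metadata = await inner.GenerateMetadata(baseUrl, issuerUri);

        // Fail loudly instead of publishing a document with no IdP SSO role descriptor.
        var descriptor = metadata.RoleDescriptors.OfType<IdentityProviderSingleSignOnDescriptor>().FirstOrDefault()
            ?? throw new InvalidOperationException("Generated metadata has no IdP SSO descriptor.");

        // Add only formats not already advertised, so repeated generation never emits duplicate NameIDFormat elements.
        foreach (var format in formats.Where(f => !descriptor.NameIdentifierFormats.Contains(f)))
        {
            descriptor.NameIdentifierFormats.Add(format);
        }

        return metadata;
    }
}

public static class MetadataGeneratorRegistration
{
    // Call after the SAML plugin is registered so this is the last IIdentityProviderMetadataGenerator registration.
    public static IServiceCollection AddNameIdFormatMetadata(this IServiceCollection services, params string[] formats)
    {
        services.AddTransient<IdentityProviderMetadataGenerator>();
        return services.AddTransient<IIdentityProviderMetadataGenerator>(provider =>
            new NameIdFormatMetadataGenerator(provider.GetRequiredService<IdentityProviderMetadataGenerator>(), formats));
    }
}
```

Wire it up with `services.AddNameIdFormatMetadata(SamlConstants.NameIdentifierFormats.Unspecified)` once the plugin has been added; any additional format URIs are passed as further arguments.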