Our SAML Service Provider component needs to store Artifact data when using HTTP Artifact Binding to send SAML messages to the partner Identity Provider. This data includes sensitive SAML messages that are exchanged via the backchannel when using HTTP Artifact Binding.
This data is accessed dynamically at runtime using services in the DI container. The store interface is designed to abstract access to the data. This gives you the flexibility to implement the store interface yourself, allowing you to use any database of your choice.
We provide EntityFramework Core implementations for relational databases by default. This means that you can use any EF-supported database with our component. When using EntityFramework, we recommend initializing your database and running migrations following the advice in the EntityFramework Core Migrations documentation.
Artifact Store
For our Service Provider component, we provide two implementations of the ISamlArtifactStore store.
- In-memory Artifact Store
- EntityFramework Core Artifact Store
Both SAML Identity Provider and SAML Service Provider components use ISamlArtifactStore, as they can both use HTTP Artifact binding to send messages. If you are acting as both Identity Provider and Service Provider, the same artifact store will be used by both IdP and SP. This means that the last registered implementation in the DI container will be utilized. You only need to register the ISamlArtifactStore once.
In-Memory Artifact Store
This is the default store registered when you add AddSaml2p(). The in-memory artifact store, SamlInMemoryArtifactStore, uses an in-memory collection to store sensitive artifact exchange data. If you are using HTTP Artifact binding in production, we recommend using a different implementation.
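The two points above (the last ISamlArtifactStore registration is the one used, and the in-memory store is not recommended for production) can be checked at startup. This is an added example, not code from the component: ArtifactStoreGuard is a hypothetical helper, and the stand-in types and their lifetimes are constructed so the sample compiles without the SAML packages.

```csharp
using System;
using System.Linq;
using Microsoft.Extensions.DependencyInjection;

// Constructed stand-ins; in a real application remove these and use the component's types.
public interface ISamlArtifactStore { }
public class SamlInMemoryArtifactStore : ISamlArtifactStore { }
public class SamlArtifactStore : ISamlArtifactStore { }

public static class ArtifactStoreGuard // hypothetical helper, not part of the component
{
    // Name of the implementation a single-service resolve will return:
    // the last descriptor registered for ISamlArtifactStore.
    public static string EffectiveStore(IServiceCollection services)
    {
        var last = services.LastOrDefault(d => d.ServiceType.Name == nameof(ISamlArtifactStore));
        if (last == null) return "(none)";
        return last.ImplementationType?.Name
            ?? last.ImplementationInstance?.GetType().Name
            ?? "(factory)"; // factory registrations do not expose a type up front
    }

    // Fail fast when production would keep artifact data in process memory.
    public static void EnsurePersistentStore(IServiceCollection services, bool isProduction)
    {
        var effective = EffectiveStore(services);
        if (isProduction && effective == nameof(SamlInMemoryArtifactStore))
            throw new InvalidOperationException(
                "In-memory artifact store is registered; register a persistent store.");
    }
}

public static class Program
{
    public static void Main()
    {
        var services = new ServiceCollection();
        // Stands in for the default registration made by AddSaml2p().
        services.AddSingleton<ISamlArtifactStore, SamlInMemoryArtifactStore>();
        Console.WriteLine(ArtifactStoreGuard.EffectiveStore(services));

        // Stands in for a later AddSamlArtifactStore(...) call; this one takes effect.
        services.AddScoped<ISamlArtifactStore, SamlArtifactStore>();
        Console.WriteLine(ArtifactStoreGuard.EffectiveStore(services));
        ArtifactStoreGuard.EnsurePersistentStore(services, isProduction: true);
    }
}
```

Call the guard after all SAML registrations have run, so it sees the final state of the service collection.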
EntityFramework Core Artifact Store
To use the EntityFramework Core artifact store, SamlArtifactStore, you will need to install our core SAML EF package.
NuGet Package
dotnet add package Rsk.Saml.EntityFramework
Store Configuration
To use the EF artifact store, use the AddSamlArtifactStore extension. The SamlArtifactStoreOptions class contains properties that allow you to control the EF store and the underlying SamlArtifactDbContext.
// Requires: using System.Reflection; using Microsoft.EntityFrameworkCore;
var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
services.AddSamlArtifactStore(options =>
    options.ConfigureDbContext = dbContextBuilder =>
        dbContextBuilder.UseSqlServer("<connection_string>",
            sqlServerOptions => sqlServerOptions.MigrationsAssembly(migrationsAssembly)));
Registering a Custom Artifact Store
To register a custom artifact store implementation, use the AddCustomArtifactStore extension method.
services.AddCustomArtifactStore<CustomArtifactStore>();