The Rock Solid Knowledge SAML IdP component allows you to customize your SSO response.
For configuring the user Name Identifier, please refer to the Configuring NameID page.
For configuring the assertion attributes, please refer to the Claims Mapping and Assertion Attributes page.
For other use cases, you will need to implement the ICustomSamlSingleSignOnGenerator interface.
This interface is what the component uses to perform custom generation logic for SAML Sign-on Response messages.
Some of the use cases for overriding ICustomSamlSingleSignOnGenerator include:
- Adding optional information, such as the assertion attribute NameFormat and FriendlyName
- Customizing the authentication context, AuthnContext
```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens.Saml2;
// plus the Rock Solid Knowledge SAML namespaces that define ICustomSamlSingleSignOnGenerator, SamlResponse and ValidatedSamlMessage

public class CustomSamlSingleSignOnGenerator : ICustomSamlSingleSignOnGenerator
{
    public Task<SamlResponse> CreateResponse(SamlResponse response, ValidatedSamlMessage request)
    {
        // Only customise the response for the service provider with entity ID "sp".
        if (request.ServiceProvider.EntityId == "sp")
        {
            // Find the authentication statement; skip the update if the assertion has none.
            var authnStatement = response.Assertion.Statements
                .OfType<Saml2AuthenticationStatement>()
                .FirstOrDefault();
            if (authnStatement != null)
            {
                authnStatement.AuthenticationContext = new Saml2AuthenticationContext(
                    new Uri("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"));
            }
        }

        return Task.FromResult(response);
    }
}
```
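The first use case in the list above, adding NameFormat and FriendlyName to assertion attributes, as an added example that is not part of the original page or the component's own code. The target entity ID and the attribute-name-to-metadata lookup are constructed sample values; the example gates on the requesting service provider's EntityId so that every other service provider keeps the default response.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Tokens.Saml2;
// plus the Rock Solid Knowledge SAML namespaces that define ICustomSamlSingleSignOnGenerator, SamlResponse and ValidatedSamlMessage

public class AttributeFormatSingleSignOnGenerator : ICustomSamlSingleSignOnGenerator
{
    // Hypothetical entity ID of the one service provider that needs the extra attribute metadata.
    private const string TargetEntityId = "https://sp.example.com/saml";

    // Constructed lookup: attribute name -> (NameFormat URI, FriendlyName).
    private static readonly Dictionary<string, (string NameFormat, string FriendlyName)> AttributeMetadata =
        new Dictionary<string, (string NameFormat, string FriendlyName)>
        {
            ["urn:oid:0.9.2342.19200300.100.1.3"] = ("urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "mail"),
            ["urn:oid:2.5.4.42"] = ("urn:oasis:names:tc:SAML:2.0:attrname-format:uri", "givenName"),
        };

    public Task<SamlResponse> CreateResponse(SamlResponse response, ValidatedSamlMessage request)
    {
        // Every other service provider receives the component's default response untouched.
        if (request.ServiceProvider.EntityId != TargetEntityId)
        {
            return Task.FromResult(response);
        }

        // Find the attribute statement; an assertion with no attributes is left as-is.
        var attributeStatement = response.Assertion.Statements
            .OfType<Saml2AttributeStatement>()
            .FirstOrDefault();

        if (attributeStatement != null)
        {
            foreach (var attribute in attributeStatement.Attributes)
            {
                // Only annotate attributes in the lookup; unknown attributes keep their values.
                if (AttributeMetadata.TryGetValue(attribute.Name, out var metadata))
                {
                    attribute.NameFormat = new Uri(metadata.NameFormat);
                    attribute.FriendlyName = metadata.FriendlyName;
                }
            }
        }

        return Task.FromResult(response);
    }
}
```

Register it the same way as the generator above; because the container resolves the last registration, only one ICustomSamlSingleSignOnGenerator is active at a time, so combine both customisations in a single class if you need them together.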
Lastly, you must register your custom implementation in the DI container.

```csharp
services.AddTransient<ICustomSamlSingleSignOnGenerator, CustomSamlSingleSignOnGenerator>();
```

This should be done after you have called AddSamlPlugin, as the DI container uses the last registration when resolving services.