An implementation of the ISamlMetadataParser interface parses the partner identity provider's metadata document when the Automatic Metadata Lookup feature is used.
The common use cases for overriding the parser include:
- Selecting a different endpoint. The default parser prefers the HTTP-POST binding over other binding types, because HTTP-POST offers increased security over HTTP-Redirect.
- The metadata document contains multiple entity descriptors. Our default implementation does not support multiple descriptors.
/// <summary>
/// Decorator around the default <see cref="ISamlMetadataParser"/>: delegates parsing to the
/// wrapped parser and returns the resulting <see cref="IdpOptions"/> unchanged. Adjust the
/// returned options here when the default endpoint/binding selection does not fit the partner IdP.
/// </summary>
public class CustomSamlMetadataParser : ISamlMetadataParser
{
    // The parser being decorated; never null (guarded in the constructor).
    private readonly ISamlMetadataParser _inner;

    /// <summary>
    /// Creates the decorator.
    /// </summary>
    /// <param name="defaultParser">The parser to delegate to.</param>
    /// <exception cref="ArgumentNullException"><paramref name="defaultParser"/> is null.</exception>
    public CustomSamlMetadataParser(ISamlMetadataParser defaultParser)
    {
        if (defaultParser is null)
        {
            throw new ArgumentNullException(nameof(defaultParser));
        }

        _inner = defaultParser;
    }

    /// <summary>
    /// Parses the identity provider's metadata document by delegating to the wrapped parser.
    /// </summary>
    /// <param name="metadataXml">The metadata document as received from the partner IdP. If the
    /// document is signed, editing it before delegating will invalidate the signature.</param>
    /// <param name="requireValidMetadataSignature">Forwarded unchanged to the wrapped parser so
    /// the caller's signature-validation policy is preserved.</param>
    /// <returns>The options produced by the wrapped parser.</returns>
    public async Task<IdpOptions> Parse(string metadataXml, bool requireValidMetadataSignature)
    {
        IdpOptions parsed = await _inner.Parse(metadataXml, requireValidMetadataSignature);

        // Post-process the parsed options here if required (e.g. a different endpoint choice).
        return parsed;
    }
}
Lastly, you need to register your custom implementation in the DI container after the call to AddSaml2p.
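// Register the default parser by its concrete type so the decorator below can resolve it.
services.AddSingleton<SamlMetadataParser>();

// Decorate SamlMetadataParser. GetRequiredService is used instead of GetService so that a
// missing SamlMetadataParser registration fails at resolution with an exception naming the
// missing service, rather than passing null into the decorator's constructor.
services.AddSingleton<ISamlMetadataParser, CustomSamlMetadataParser>(
    serviceProvider => new CustomSamlMetadataParser(serviceProvider.GetRequiredService<SamlMetadataParser>()));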