[Tutorial] Single Sign On for ASP.NET MVC4 Web Applications with WSO2 Identity Server
- Imesh Gunaratne
- Solutions Architect - WSO2
Introduction
Single Sign On (SSO) can be configured for ASP.NET MVC4 web applications using different approaches: Federated Authentication (Passive STS), SAML2, OAuth, OpenID, etc. Windows Identity Foundation (WIF) provides features for configuring SSO with Federated Authentication [2]; however, the other approaches were not supported by WIF at the time of publishing this article.
Configure WSO2 Identity Server (IS)
- Extract WSO2 IS 5.0.0 distribution and apply the service pack 1.
- Start WSO2 IS server extracted above.
- Log in to the WSO2 IS management console (UI): https://localhost:9443/carbon
- Add a new Service Provider:
A Service Provider in WSO2 IS represents a web application that needs SSO. Provide Mvc4SingleSignOnSAML2 as the service provider name and a meaningful description.
Figure 01
Configure SAML2 Inbound Authentication: Go to Identity -> Service Providers -> List and Edit the above created Service Provider, expand the Inbound Authentication Configuration section and click on Configure:
Figure 02
- Provide the SAML configuration:
Issuer | Mvc4SingleSignOnSAML2
Assertion Consumer URL | https://localhost:51481/SAML/AssertionConsumerService
Audience/Recipient | https://localhost:9444/oauth/token
Figure 03
- Rename the Resident Identity Provider in Identity Server: localhost -> wso2is
Go to the Identity Providers list and click on Resident Identity Provider:
Figure 04
Set Identity Provider Entity ID to wso2is:
Figure 05
Configure API Manager
- Extract the API Manager distribution and set the port offset to 1.
- Start the API Manager instance and log in to the Management Console: https://localhost:9444/carbon
- Create an Identity Provider in API Manager:
Login to API Manager management console and click on Add Identity Provider:
Figure 06
Once Identity Provider is created configure SAML2 Web SSO settings:
Figure 07
Check out the sample ASP.NET MVC4 web application from the following Git repository:
git clone https://github.com/imesh/asp-net-mvc4-sso.git
Upload the wso2carbon.cer SSL certificate found in the following location to the above Identity Provider:
[asp-net-mvc4-sso]\Mvc4SingleSignOnSAML2\wso2carbon.cer
Run TicketsApi Web API
- Open the TicketsApi web API in Visual Studio 2012: [asp-net-mvc4-sso]\TicketsApi\TicketsApi.csproj
- Run the above web API in debug mode.
Publish TicketsApi through API Manager
Figure 08
Endpoint URL: https://localhost:2423/api/tickets
Tickets API URL: https://localhost:8281/tickets/v1.0.0
Log in to the API Store and subscribe to the Tickets API. Afterwards, generate a Consumer Key and Consumer Secret.
Configure and Run Mvc4SingleSignOnSAML2 Web Application
- Open the Mvc4SingleSignOnSAML2 web application in Visual Studio 2012: [asp-net-mvc4-sso]\Mvc4SingleSignOnSAML2\Mvc4SingleSignOnSAML2.csproj
- Set the Token API endpoint, Consumer Key, Consumer Secret and Tickets API endpoint in the Web.config file:
Figure 09
Web application URL: https://localhost:51481/
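As an added example (not code from the sample repository), here is the exchange those Web.config settings support: it assumes the application uses the SAML2 bearer grant to trade the assertion received at the Assertion Consumer URL for an API Manager access token, and then calls the Tickets API with it. The appSettings key names and the use of Newtonsoft.Json are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;
using Newtonsoft.Json.Linq;

public class TicketsApiClient
{
    // Web.config appSettings (key names are assumed, not the sample project's own).
    static readonly string TokenEndpoint   = ConfigurationManager.AppSettings["TokenApiEndpoint"];   // https://localhost:9444/oauth/token
    static readonly string ConsumerKey     = ConfigurationManager.AppSettings["ConsumerKey"];
    static readonly string ConsumerSecret  = ConfigurationManager.AppSettings["ConsumerSecret"];
    static readonly string TicketsEndpoint = ConfigurationManager.AppSettings["TicketsApiEndpoint"]; // https://localhost:8281/tickets/v1.0.0

    // RFC 7522 (SAML2 bearer grant) requires base64url, not plain base64, for the assertion.
    static string Base64UrlEncode(string xml) { return Convert.ToBase64String(Encoding.UTF8.GetBytes(xml)).TrimEnd('=').Replace('+', '-').Replace('/', '_'); }

    // Exchange the SAML2 assertion received at /SAML/AssertionConsumerService for an OAuth2 access token.
    public static async Task<string> GetAccessTokenAsync(string samlAssertionXml)
    {
        using (var http = new HttpClient())
        {
            // Consumer Key/Secret from the API Store subscription identify the client (HTTP Basic).
            var basic = Convert.ToBase64String(Encoding.ASCII.GetBytes(ConsumerKey + ":" + ConsumerSecret));
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", basic);
            var form = new FormUrlEncodedContent(new Dictionary<string, string> {
                { "grant_type", "urn:ietf:params:oauth:grant-type:saml2-bearer" },
                { "assertion",  Base64UrlEncode(samlAssertionXml) } });
            // API Manager checks the assertion's signature (wso2carbon.cer uploaded earlier), its
            // Audience (the token endpoint) and its validity window before issuing a token.
            var response = await http.PostAsync(TokenEndpoint, form);
            response.EnsureSuccessStatusCode();
            var json = JObject.Parse(await response.Content.ReadAsStringAsync());
            return (string)json["access_token"];
        }
    }

    // Call the published Tickets API through the gateway with the bearer token, never with the assertion.
    public static async Task<string> GetTicketsAsync(string accessToken)
    {
        using (var http = new HttpClient())
        {
            http.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken);
            var response = await http.GetAsync(TicketsEndpoint);
            response.EnsureSuccessStatusCode();
            return await response.Content.ReadAsStringAsync();
        }
    }
}
```

Because both servers use the self-signed wso2carbon certificate on localhost, import it into the machine's trusted root store for development rather than disabling certificate validation in code. The assertion passed to GetAccessTokenAsync should be the one whose signature the application already verified at the Assertion Consumer URL.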
References
[1] Windows Identity Foundation, MSDN Library
[2] Passive Authentication for ASP.NET with WIF, MSDN Magazine