Examples
SAML messages
This guide must be accompanied by sample SAML messages in the following files:
- AuthnRequest.xml – sample AuthnRequest generated by the .NET sample
- Response.xml – sample of a successful SAML Response generated by MPass in response to the above AuthnRequest
- Response - Cancelled.xml – sample of a failed SAML Response generated by MPass as a result of the user cancelling authentication
- LogoutRequest.xml – sample LogoutRequest generated by the .NET sample
- LogoutResponse.xml – sample of a successful LogoutResponse generated by MPass in response to the above LogoutRequest
.NET Sample
This document is accompanied by a .NET integration sample. If the ZIP archive is encrypted (for e-mail filtering pass-through purposes), the password is "mpass" (without quotes).
Software requirements
The sample is built using Visual Studio 2013 based on ASP.NET 4.5, MVC 5.2 using C# and the NuGet package manager. Although there are no 3rd party libraries or licenses required to build the sample, NuGet requires an internet connection while downloading packages for the first build.
Sample overview
After opening MPass.Sample.sln, please go to Web.config and modify the appropriate configuration elements in the applicationSettings section. All of the settings related to MPass integration are placed in this section.
You'll find the important code in AccountController. Just run the sample and follow the code.
SAML message handling is implemented in the SamlMessage helper class. Feel free to copy it into your own solution for easier integration.
Please observe the following:
- How AccountController.Login builds an AuthnRequest, signs it and submits it to MPass
- How AccountController.Acs handles the Response and uses SamlMessage.LoadAndVerifyLoginResponse to verify the resulting response
- How AccountController.Logout builds and submits a LogoutRequest and AccountController.AfterLogout handles the LogoutResponse
- How AccountController.SingleLogout handles a LogoutRequest and generates a LogoutResponse for MPass
- How the Redirect view is used to submit a SAML request as well as a SAML response
- How OutputCacheAttribute is applied to Login and Logout actions to prevent caching, as recommended by [SAML Binding, 3.5.5.1]
- SamlMessage throws ApplicationException on any verification failure. This error is left unhandled in AccountController on purpose, so that you can complete the error handling implementation according to your Service's needs
- RelayState is returned as part of the response submission and can contain any value useful for your Service (note that according to [SAML Binding, 3.5.3], RelayState must not exceed 80 bytes in length)
- Comments provided in the source code for further integration customization specific to your Service
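One way to stay within the 80-byte RelayState limit noted above is to send an opaque, single-use token and keep the real return path on the server. This is an added example, not code from the MPass sample: the RelayStateStore class, its method names, the cache key prefix and the 10-minute lifetime are assumptions.

```csharp
using System;
using System.Runtime.Caching;          // requires a reference to System.Runtime.Caching
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not part of the MPass sample): maps a short random
// RelayState token to a return path that never leaves the server.
public static class RelayStateStore
{
    private const int MaxRelayStateBytes = 80;                            // [SAML Binding, 3.5.3]
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(10); // assumed value
    private static readonly MemoryCache Cache = MemoryCache.Default;

    // Call before submitting the AuthnRequest; send the returned token as RelayState.
    public static string Issue(string returnUrl)
    {
        // Only site-local paths are stored, so the token can never redirect off-site.
        if (!IsLocalPath(returnUrl)) returnUrl = "/";

        var raw = new byte[32];
        using (var rng = new RNGCryptoServiceProvider()) rng.GetBytes(raw);

        // Base64url without padding: 43 ASCII characters, well under the 80-byte limit.
        string token = Convert.ToBase64String(raw)
            .TrimEnd('=').Replace('+', '-').Replace('/', '_');

        Cache.Add("relay:" + token, returnUrl, DateTimeOffset.UtcNow.Add(Lifetime));
        return token;
    }

    // Call when the Response arrives. Returns the stored path, or null when the
    // value is missing, oversized, unknown, expired or already used.
    public static string Redeem(string relayState)
    {
        if (string.IsNullOrEmpty(relayState)) return null;
        if (Encoding.UTF8.GetByteCount(relayState) > MaxRelayStateBytes) return null;

        // Remove returns the cached entry and deletes it, so a token works only once.
        return Cache.Remove("relay:" + relayState) as string;
    }

    private static bool IsLocalPath(string url)
    {
        // Accept "/path" but reject "//host" and "/\host", which browsers treat as absolute.
        return !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
    }
}
```

When Redeem returns null, fall back to a fixed landing page rather than using the received RelayState value directly.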