Okta Classic Engine | Single Sign-On | Answered | 2020-04-01T23:21:23.000Z | 2020-01-15T17:08:39.000Z | 2020-04-01T23:21:23.000Z

CMSL.77578 (Customer) asked a question.

Configure OWIN-based application to use Okta via SAML 2.0

Hi fellow Community,

 

I'm seeking help to complete a task which requires this:

  • Integrate an OWIN-based application with Okta.
  • The integration should be done via SAML 2.0 protocol and not OIDC.

 

What additional information, regarding this task, is available until now:

  • I'm trying to use the following .NET Library for the SAML 2.0 integration: Sustainsys.Saml2 + its OWIN package.
  • I know the SAML 2.0 integration, in its final implementation, will need to target an external IdP via Okta (I can't tell you what this IdP is, but obviously it is a SAML-compliant one).
  • Connected with the previous bullet point, would it be possible to target a separate Okta IdP (for example an OIDC one), instead of targeting some unknown SAML-compliant IdP?

 

What I did until now:

  • I was successful in constructing a simple solution, based on the above-mentioned .NET library, which is able to reach Okta and the prepared SAML 2.0 application.
  • In Okta, I've defined a SAML 2.0 application according to the available guidelines for this.
  • The Issuer URI / Entity ID, the SSOn IdP URL and the Metadata XML from the Okta SAML 2.0 application are available and configured in the SP application.
  • The SP ACS URL and the Audience URI / Restriction are also available and configured in the Okta SAML 2.0 application.

 

Results until now:

  • Although Okta is reached successfully and the user has been logged in, upon return from the authentication (the execution reaches the SSOn URL), there is no SAMLResponse in the call to the SSOn URL and it is a GET request (I was thinking it should be a POST one).
  • As a follow-up to this, no login is made in the SP and the user is redirected to the login page.
  • Following the tutorials on the Sustainsys.Saml2 documentation page (the one with the OWIN example and the one with the ID3 example) didn't lead me to a more successful result than the one described above.
  • I've tried to use ngrok and the Okta SAML Validation Tool to check the SAMLRequest/Response blocks in the HTTP communication, but for some reason ngrok does not transfer my localhost URL correctly (Okta is getting HTTP error 400).

 

I'd be very thankful if fellows in the community can help me to tackle the problems and to create a usable example of an OWIN-based application that talks with a SAML 2.0 Okta application and successfully authenticates against another Okta-based IdP.

 

Many thanks Fellows!


  • Hi there! Apologies for the lack of response to your question. Going forward, we're implementing a new process to ensure that all Discussions receive a response from either another Community member or from the Okta Support team within 7 days of posting. Thank you for your patience while we put this into action!

     

    I know this question is a bit old now, but if you’re still looking for information or help I’d recommend reaching out to the fine folks in the Admin Pro Tips group to see if anyone there can help: https://support.okta.com/help/s/group/0F90Z000000EK23SAG/admin-pro-tips

     

    Thanks 🙂

This question is closed.
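
The question above reports a GET request with no SAMLResponse reaching the SP, and trouble inspecting the messages through ngrok. As an added example (not part of the thread, and not Okta or Sustainsys.Saml2 code), this Python sketch decodes a captured request offline and reports which SAML message and binding it carries. The function names, URLs and sample XML are constructed assumptions.

```python
import base64, zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, urlencode

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}

def decode_message(value, deflated):
    # HTTP-POST: base64(xml). HTTP-Redirect: base64(raw DEFLATE(xml)).
    raw = base64.b64decode(value)
    if deflated:
        raw = zlib.decompress(raw, -15)  # -15 = raw DEFLATE, no zlib header
    return ET.fromstring(raw)

def inspect_callback(method, url, body, expected_acs):
    """Diagnostic only: reports message fields, validates no signatures."""
    is_get = method.upper() == "GET"
    params = parse_qs(urlsplit(url).query if is_get else body)
    for name in ("SAMLResponse", "SAMLRequest"):
        if name in params:
            break
    else:  # the symptom described in the question
        return {"message": None,
                "problems": [f"{method} carries no SAML message"]}
    root = decode_message(params[name][0], deflated=is_get)
    aud = root.find(".//a:Audience", NS)
    info = {"message": name,
            "binding": "HTTP-Redirect" if is_get else "HTTP-POST",
            "destination": root.get("Destination"),
            "issuer": root.findtext("a:Issuer", namespaces=NS),
            "audience": None if aud is None else aud.text,
            "problems": []}
    if name == "SAMLResponse" and info["destination"] != expected_acs:
        info["problems"].append("Destination does not match the SP ACS URL")
    return info

# Constructed sample data (not captured from the poster's environment).
ACS = "https://sp.example.test/acs"
RESPONSE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="' + ACS + '">'
    '<saml:Issuer>http://idp.example.test/issuer</saml:Issuer>'
    '<saml:Assertion><saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>https://sp.example.test/audience</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>'
    '</samlp:Response>')
POST_BODY = urlencode(
    {"SAMLResponse": base64.b64encode(RESPONSE_XML.encode()).decode()})

if __name__ == "__main__":
    print(inspect_callback("POST", ACS, POST_BODY, ACS))
    print(inspect_callback("GET", ACS, "", ACS))
```

Feed it the method, URL and form body copied from the browser's network tab or a proxy capture; the returned Destination and Audience can then be compared against the values configured in the Okta application.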