Saml2 libraries

Our open-source components for Saml2 with Asp.Net are trusted by millions of users worldwide to protect vital health care information, banking details and corporate systems.

The Sustainsys.Saml2 library is free to use under an open-source license. We offer commercial developer support and consulting services.

The source code is available on GitHub and documentation on our docs site.

To test your application's Saml2 capabilities, we host a publicly available StubIdp. It answers to any service provider (the Saml2 term for a client application) and allows you to modify attributes and other values for the response.

The core Saml2 functionality is implemented in the Sustainsys.Saml2 package. For v1.x and v2.x it is not recommended to use this package directly, as it is a low-level generic API. On top of that package, there are four API modules available that integrate into different generations of Asp.Net and Asp.Net Core:

  • Sustainsys.Saml2.HttpModule is an Http Module for use with legacy Asp.Net Applications, typically webforms.
  • Sustainsys.Saml2.Mvc includes Asp.Net Mvc Controllers (note, Asp.Net, not Asp.Net Core). This aims to be an easy-to-use model for simple cases.
  • Sustainsys.Saml2.Owin is a more powerful and generic implementation for Asp.Net (not Core). It integrates with the Microsoft.Owin packages and is powerful, but requires more effort to configure.
  • Sustainsys.Saml2.AspNetCore2 is an Asp.Net Core Authentication handler for Asp.Net Core version 2 and up. Asp.Net Core 1.x used a completely different model that was based on the Owin middleware model. The name AspNetCore2 was chosen to mark that it was compatible with 2.x. Now that the same API has been stable all the way up through .NET 10, the naming feels a bit odd.

Saml2 v1.x

The 1.x versions of Sustainsys.Saml2 rely on the System.IdentityModel libraries that are part of the .Net Framework. These libraries offer minimal dependencies. They are on life support - i.e. they will receive critical security updates but no new features are added.

Saml2 v2.x

The 2.x versions of Sustainsys.Saml2 are compatible both with .NET and .NET Framework. They rely on the Microsoft.IdentityModel packages for processing Saml2 assertions.

The 2.x versions are fully supported and do get functionality added in cooperation with customers paying for support.

Saml2 v3.x

The 3.x version is still under development. It is a complete rewrite that will offer more flexibility through dependency injection. It will also not reference Microsoft.IdentityModel, but instead rely on its own implementation.

The XML signature validation, which is the main security foundation of Saml2, has never used the System/Microsoft.IdentityModel implementation in any case. That implementation is too inflexible for Saml2, so the .NET SignedXml class has been used in all versions.