Implement .NET Core Identity Provider server for Google

  • Question

  • Hi, I want to authenticate my GSuite users using my own .net core web application as Identity Provider.

    However, I don't know where to even start. I've been actively and diligently looking for a solution, but all of them are from commercial companies and it is a bit overkill to use their service.

    Is there a hidden gem of an open source library somewhere that I missed?

    I know this question is quite general but any help is much much appreciated.
    Saturday, July 27, 2019 7:26 AM


  • To build a SAML-compliant Identity Provider for federated identity you'll need not only SAML tokens but also the SAML protocol (v2 is the only one I've seen being supported by external providers like Google, Okta, Auth0, AWS Cognito and others). They all use either SAML 1.1 or 2.0 tokens from within the SAML 2.0 protocol.

    From long research (still going on) I came to only one free SAML2 library I'd trust: Sustainsys. It'll enable SAML2 (including the protocol) on your application, perform assertion validation and all. It will work only for new projects.

    You can rely on two paid suites, too: ComponentPro and ComponentSpace.

    You can create a SAML2-P compliant app/module but you'll have to handle signatures, message receipt, validation, assertions and more. I'd recommend against that as it's quite easy to miss something which could later be exploited as a security breach.

    You might use other federation alternatives

    SAML is not the only path here. You might give OpenID Connect or WS-Federation a try as well. Read more on the Authentication Federation topic and you'll find other protocols.

    • Marked as answer by Mc Blair Saturday, July 27, 2019 7:32 AM
    Saturday, July 27, 2019 7:31 AM
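
The answer's warning about hand-rolling SAML2-P, seen from the IdP side: an added example (not part of the original post, and not code from any library named above) of checks an Identity Provider makes on an incoming AuthnRequest before it issues an assertion. The class name, the SP registry and all URLs are assumptions constructed for illustration; signature verification and response signing are not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.IO;
using System.Xml;
using System.Xml.Linq;

// Hypothetical IdP-side validation of an already base64/deflate-decoded SAML 2.0 AuthnRequest.
public static class AuthnRequestValidator
{
    static readonly XNamespace Samlp = "urn:oasis:names:tc:SAML:2.0:protocol";
    static readonly XNamespace Saml = "urn:oasis:names:tc:SAML:2.0:assertion";

    // Registered SPs: issuer (entityID) -> the only ACS URL we will post a response to. Constructed values.
    static readonly Dictionary<string, string> RegisteredSps = new Dictionary<string, string>
    {
        ["https://sp.example.com/metadata"] = "https://sp.example.com/acs"
    };

    // Replay cache. In-memory and not thread-safe here; a real IdP needs a shared, expiring store.
    static readonly HashSet<string> SeenIds = new HashSet<string>();

    public static string Validate(string xml, string idpSsoUrl, DateTime nowUtc)
    {
        XElement req;
        // Refuse DTDs and external entities before anything else touches the XML.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        try { using (var r = XmlReader.Create(new StringReader(xml), settings)) req = XDocument.Load(r).Root; }
        catch (XmlException) { return "malformed or DTD-bearing XML"; }
        if (req == null || req.Name != Samlp + "AuthnRequest") return "not an AuthnRequest";

        string issuer = (string)req.Element(Saml + "Issuer");
        if (issuer == null || !RegisteredSps.TryGetValue(issuer.Trim(), out string acs))
            return "unknown issuer";
        // The response must only ever go to the registered ACS URL, never to one the request invents.
        string requestedAcs = (string)req.Attribute("AssertionConsumerServiceURL");
        if (requestedAcs != null && requestedAcs != acs) return "ACS URL not registered";
        string destination = (string)req.Attribute("Destination");
        if (destination != null && destination != idpSsoUrl) return "wrong destination";
        // Reject stale requests (5-minute skew window is an assumption).
        if (!DateTime.TryParse((string)req.Attribute("IssueInstant"), CultureInfo.InvariantCulture,
                DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal, out DateTime issued)
            || Math.Abs((nowUtc - issued).TotalMinutes) > 5)
            return "stale or missing IssueInstant";
        string id = (string)req.Attribute("ID");
        if (string.IsNullOrEmpty(id) || !SeenIds.Add(id)) return "missing or replayed ID";
        return "ok";
    }
}
```

Each early return corresponds to one thing that is easy to leave out of a hand-written implementation, which is the risk the answer describes.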