Active Directory SSO In Windows Azure Using SAML 2.0

Sankara Krishnan Venugopal
Jun 14, 2019

43.8k
0
2
- facebook
- twitter
- linkedIn
- Reddit
- WhatsApp
- Email
- Print
- Other Artcile

Overview

You should have an Azure account to log in. Please create a new account using the link here.

This is the sample architectural diagram for Azure SSO in On-Premises.

Active Directory SSO In Windows Azure Using SAML 2.0

Step 1

The dashboard page will be displayed when we log in the Azure account. Type “Enterprise applications” in the search box and select it.

The selection will be redirected to the “New Application” page.

Step 2

The “New Application” button is selected to create a new enterprise application.

The table contains exiting applications that are created by internal & cloud users. Click on “New Application”.

Step 3

You can see three options on this window.

Click on “Non-gallery application” to integrate your applications.

Step 4

Give any name for the application and click on Add. In the bottom of the text box, a Support link will be displayed. The Support indicates that you are creating an SAML based single sign-on.

Step 5

Once you create a new application, it will come under the Overview page. Here, you can check the following.

User and Groups
Single Sign-on
Owner
Permissions and etc.

Step 6

Select “Users and Groups” and add any member from the list. The main purpose of this is to add login credentials through SSO.

Step 7

I have included one member for testing. The count will display on the Overview page.

Step 8

Click on to Single Sign-on on the left side of the panel and click on SAML method.

Step 9

The new SAML method has been created.

Step 10

You should have SAML supported application in your technology. I am using the .NET framework.

Set your destination on it. Here, www.test.com is my replying party.

Step 11

The below notification will display when you have done your configurations and click on Save.

Step 12

This is an auto-generated key from SAML Signing Certificate.

Step 13

Click on “Test this application” to check your SSO login process.

Step 14

Click on Single Sign-On as Current User to check the application.

Step 15

You can see the redirection through microsoftonline.com.

Step 16

The SSO authentication will reach your given relaying party URL.

.NET Code

This is SAML supported code to get SAML response from Windows Azure method. Use the following code on your .Net application and check it.

string strVarCallResult = string.Empty;
string ClaimUserID = string.Empty;
string ClaimEmployeeID = string.Empty;
try
{
foreach (string s in Request.Params.Keys)
{
if (s.ToString() == "SAMLResponse")
{
rawSamlData = Request.Params[s];
break;
}
}
byte[] samlData = Convert.FromBase64String(rawSamlData);
// read back into a UTF string
string samlAssertion = Encoding.UTF8.GetString(samlData);
XmlDocument doc = new XmlDocument();
XmlNamespaceManager xMan = new XmlNamespaceManager(doc.NameTable);
xMan.AddNamespace("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
xMan.AddNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
xMan.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
doc.LoadXml(Encoding.UTF8.GetString(samlData));
//Response.Write(doc.LastChild.ChildNodes[3].ChildNodes[2].ChildNodes[0].InnerXml);
XmlNode xNode = doc.SelectSingleNode("/saml2p:Response/saml2:Assertion/saml2:Subject/saml2:NameID", xMan);
if (xNode != null)
{
UserId = xNode.InnerText;
ClaimUserID = xNode.InnerText;
}
}
catch (Exception ex)
{
}

Please let me know if you have any queries on this.

Recommended Free Ebook

Azure Web Apps for Developers

Download Now!