Active Directory SSO In Windows Azure Using SAML 2.0

In this session, we are going to discuss how to set up SSO (Single Sign-On) for an application in Azure Active Directory using SAML 2.0.

Overview

 
You need an Azure account to log in. If you do not have one, create a new account using the link here.
 
This is a sample architectural diagram for Azure SSO with an on-premises application.
 
 
Step 1
 
The dashboard page is displayed when you log in to the Azure account. Type “Enterprise applications” in the search box and select it.
 
You are then taken to the Enterprise applications page, from which a new application can be created.
 
 
Step 2
 
The “New Application” button creates a new enterprise application.
 
The table lists the existing applications created by internal and cloud users. Click on “New Application”.
 
 
Step 3
 
Three options are shown on this window.
 
Click on “Non-gallery application” to integrate your own application.
 
 
Step 4
 
Give the application any name and click on Add. Below the text box, a Support link is displayed; it indicates that you are creating a SAML-based single sign-on.
 
 
Step 5
 
Once you create a new application, it appears on the Overview page. Here, you can check the following.
  • Users and Groups
  • Single Sign-on
  • Owner
  • Permissions, etc.
 
Step 6
 
Select “Users and Groups” and add any member from the list. This determines which users are allowed to log in to the application through SSO.
 
 
Step 7
 
I have included one member for testing. The count is displayed on the Overview page.
 
 
Step 8
 
Click on Single Sign-on in the left-hand panel and select the SAML method.
 
 
Step 9
 
The new SAML method has been created.
 
 
Step 10
 
You need a SAML-capable application on your technology stack. I am using the .NET Framework.
 
Set your destination (the application's identifier and reply URL) here. In my case, www.test.com is the relying party.
 
 
Step 11
 
The notification below is displayed once you have completed the configuration and clicked Save.
 
 
Step 12
 
This is the auto-generated SAML signing certificate. Azure AD signs each SAML response with it, and the relying party must use this certificate to verify the signature before trusting anything in the response.
 
 
Step 13
 
Click on “Test this application” to check your SSO login process.
 
 
Step 14
 
Click on Single Sign-On as Current User to check the application.
 
 
Step 15
 
You can see the redirection through microsoftonline.com, where Azure AD authenticates the user.
 
 
Step 16
 
After authentication, the SSO response is posted to the relying party URL you configured.
 
 
.NET Code
 
This .NET code receives the SAML response posted by Azure AD and reads the user's NameID from it. Use it in your .NET application and test it. Note that the snippet only parses the response; the ds:Signature on the assertion must be verified with the certificate from Step 12 before the NameID is trusted.

    using System;
    using System.Text;
    using System.Xml;

    string strVarCallResult = string.Empty;
    string ClaimUserID = string.Empty;
    string ClaimEmployeeID = string.Empty;
    string rawSamlData = string.Empty;   // used below; the original omitted the declaration

    try
    {
        // Azure AD POSTs the response in a form field named SAMLResponse.
        foreach (string s in Request.Params.Keys)
        {
            if (s == "SAMLResponse")
            {
                rawSamlData = Request.Params[s];
                break;
            }
        }

        // The field holds the Base64 encoding of the UTF-8 XML document.
        byte[] samlData = Convert.FromBase64String(rawSamlData);
        string samlAssertion = Encoding.UTF8.GetString(samlData);

        XmlDocument doc = new XmlDocument();
        doc.XmlResolver = null;   // do not resolve external entities in untrusted XML
        XmlNamespaceManager xMan = new XmlNamespaceManager(doc.NameTable);
        xMan.AddNamespace("saml2p", "urn:oasis:names:tc:SAML:2.0:protocol");
        xMan.AddNamespace("saml2", "urn:oasis:names:tc:SAML:2.0:assertion");
        xMan.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");

        doc.LoadXml(samlAssertion);

        // The subject's NameID identifies the signed-in user.
        // Verify the assertion's ds:Signature before using this value.
        XmlNode xNode = doc.SelectSingleNode("/saml2p:Response/saml2:Assertion/saml2:Subject/saml2:NameID", xMan);

        if (xNode != null)
        {
            UserId = xNode.InnerText;   // UserId is a field of the hosting page
            ClaimUserID = xNode.InnerText;
        }
    }
    catch (Exception ex)
    {
        // Log ex; silently swallowing it hides malformed or tampered responses.
    }
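The checks the .NET snippet leaves out (signature, issuer, validity window and audience) are shown here as an added example that is not part of the original article; it is written in Python with the standard library so that it runs stand-alone, and the same order of checks applies to the .NET code above. The sample response, the tenant id and the signature value are constructed placeholders, and the XML-DSig verification is injected as a callable because the standard library has none.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml2p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml2": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample, not a real capture: tenant id and signature value are
# placeholders; the audience is the tutorial's relying party, www.test.com.
SAMPLE_XML = """<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" ID="_r1" Version="2.0">
 <saml2:Assertion ID="_a1" Version="2.0">
  <saml2:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml2:Issuer>
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:SignatureValue>SIGNATURE-PLACEHOLDER</ds:SignatureValue></ds:Signature>
  <saml2:Subject><saml2:NameID>alice@example.com</saml2:NameID></saml2:Subject>
  <saml2:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T00:05:00Z">
   <saml2:AudienceRestriction><saml2:Audience>https://www.test.com/</saml2:Audience>
   </saml2:AudienceRestriction></saml2:Conditions>
 </saml2:Assertion></saml2p:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()  # form of the SAMLResponse field

def parse_time(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_response(raw_b64, expected_issuer, expected_audience, now, verify_signature):
    """Return (ok, reason, name_id). verify_signature(assertion) must run the real XML-DSig
    check with the IdP certificate from Step 12 (injected: stdlib has no XML-DSig)."""
    try:
        root = ET.fromstring(base64.b64decode(raw_b64))
        assertion = root.find("saml2:Assertion", NS)
        if assertion is None:
            return False, "no assertion", None
        # 1. Signature first: nothing below can be trusted until it verifies.
        if assertion.find("ds:Signature", NS) is None or not verify_signature(assertion):
            return False, "assertion signature missing or invalid", None
        # 2. Issuer must be this tenant's IdP, not just any Azure AD tenant.
        if assertion.findtext("saml2:Issuer", default="", namespaces=NS) != expected_issuer:
            return False, "unexpected issuer", None
        # 3. Validity window (NotBefore <= now < NotOnOrAfter) limits replay of old responses.
        cond = assertion.find("saml2:Conditions", NS)
        if cond is None or not parse_time(cond.get("NotBefore")) <= now < parse_time(cond.get("NotOnOrAfter")):
            return False, "assertion outside validity window", None
        # 4. Audience must name this relying party, or a token issued for another app is accepted.
        if expected_audience not in [a.text for a in cond.findall("saml2:AudienceRestriction/saml2:Audience", NS)]:
            return False, "audience mismatch", None
        return True, "ok", assertion.findtext("saml2:Subject/saml2:NameID", namespaces=NS)
    except (ET.ParseError, ValueError, TypeError):
        return False, "malformed response", None
```

In production, pass a verify_signature that checks the XML-DSig against the certificate downloaded in Step 12 and also reject responses whose InResponseTo does not match an outstanding request.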
Please let me know if you have any queries on this.