Customizing SSO Extensions
SSO extensions provide integration points for SAML 2.0 Web Profile based Single Sign On. You can use these extensions to do any of the following:
This method allows you to manipulate the SAML response before it is sent from the Login Workflow during an SSO sign-in.
C# Syntax
public override void OnLoginWorkflowSendSAMLResponse( Saml2Protocol.SAMLResponse samlResponse, SSOState ssoState, C.SAMLSingleSignOn ssoTarget, C.LoginSession loginSession )
Parameter | Description |
---|---|
samlResponse[in] | Specifies the SAML Response object |
ssoState[in] | Specifies the SSO state if any. Typically, the SSO state contains the SAML Authentication Request, the SSO connection and other contextual objects |
ssoTarget[in] | Specifies the SSO connection as configured in EmpowerID |
loginSession[in] | Specifies the SSO Login Session associated with the SSO instance |
This method allows you to manipulate the SAML response before it is sent from the login process during an SSO sign-in in which the Login Workflow was bypassed.
public override void OnDirectSendSAMLResponse( Saml2Protocol.SAMLResponse samlResponse, SSOState ssoState, C.SAMLSingleSignOn ssoTarget, C.LoginSession loginSession )
Parameter | Description |
---|---|
samlResponse[in] | Specifies the SAML Response object |
ssoState[in] | Specifies the SSO state if any. Typically, the SSO state contains the SAML Authentication Request, the SSO connection and other contextual objects |
ssoTarget[in] | Specifies the SSO connection as configured in EmpowerID |
loginSession[in] | Specifies the SSO Login Session associated with the SSO instance |
This method allows you to merge the SAML response from an external IDP with the local SAML response when performing SSO in the context of an EmpowerID-to-EmpowerID federation.
public override SAMLResponse MergeFederatedResponses( Saml2Protocol.SAMLResponse localSAMLResponse, Saml2Protocol.SAMLResponse externalSAMLResponse, C.SAMLSingleSignOn ssoTarget, C.LoginSession loginSession )
Parameters
Parameter | Description |
---|---|
localSAMLResponse[in] | Specifies the local SAML Response object |
externalSAMLResponse[in] | Specifies the SAML response from the external Identity Provider |
ssoTarget[in] | Specifies the SSO connection as configured in EmpowerID |
loginSession[in] | Specifies the SSO Login Session associated with the SSO instance |
This method returns the merged SAML response.
This method provides custom parsing for the SAML Assertion sent to the OAuth Provider in the OAuth SAML Bearer Assertion Grant.
public override string CustomOAuthSAMLValidation( Saml2.SAMLAssertion assertion, C.SAMLSingleSignOn samlSingleSignOn, string logonName )
Parameter | Description |
---|---|
assertion[in] | Specifies the SAML assertion sent to the OAuth Provider |
samlSingleSignOn[in] | Specifies the SSO connection as configured in EmpowerID |
logonName[in] | Specifies the logon name of the user that was parsed from the assertion |
This method returns the logon name of the user.
This method is called to retrieve the Smartcard user identity.
public override string ResolveSmartCardUserID( C.SAMLSingleSignOn idpTarget, C.SAMLSingleSignOn ssoTarget, X509Certificate2 certificate )
Parameter | Description |
---|---|
idpTarget[in] | Specifies the SSO IDP connection as configured in EmpowerID |
ssoTarget[in] | Specifies the SSO SP connection as configured in EmpowerID |
certificate[in] | Specifies the client X509 certificate from which user identity is to be resolved |
This method returns the resolved user identity.
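The following added example (not EmpowerID's own code) shows one conservative way a ResolveSmartCardUserID override could map the client certificate to a user, using only the standard .NET X509Certificate2 API. The helper name SmartCardIdentity, the allowedUpnSuffix parameter and the example.com suffix are hypothetical. It assumes the certificate chain has already been validated before the extension is called, and it returns null when no identity should be resolved; how EmpowerID treats a null return value is not stated on this page.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Added example: SmartCardIdentity and allowedUpnSuffix are hypothetical names,
// not EmpowerID APIs. Chain and revocation checks are assumed to happen upstream.
public static class SmartCardIdentity
{
    // Returns the UPN from the certificate's Subject Alternative Name, or null
    // when the certificate should not be mapped to any user.
    public static string Resolve(X509Certificate2 certificate, string allowedUpnSuffix)
    {
        if (certificate == null || string.IsNullOrEmpty(allowedUpnSuffix))
            return null;

        // NotBefore and NotAfter are exposed as local time.
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            return null;

        // Read the UPN entry from the SAN rather than the subject CN, which is
        // free-form text. The second argument (forIssuer) is false: subject side.
        string upn = certificate.GetNameInfo(X509NameType.UpnName, false);
        if (string.IsNullOrWhiteSpace(upn))
            return null;

        upn = upn.Trim();
        int at = upn.IndexOf('@');
        // Require exactly one '@' with a non-empty local part.
        if (at <= 0 || at != upn.LastIndexOf('@'))
            return null;

        // Accept only UPNs in the domain this connection is meant to serve, so a
        // certificate issued for another domain cannot claim a local account.
        string suffix = upn.Substring(at + 1);
        if (!string.Equals(suffix, allowedUpnSuffix, StringComparison.OrdinalIgnoreCase))
            return null;

        return upn;
    }
}

// Inside your extension class (suffix value is constructed for illustration):
// public override string ResolveSmartCardUserID( C.SAMLSingleSignOn idpTarget,
//     C.SAMLSingleSignOn ssoTarget, X509Certificate2 certificate )
// {
//     return SmartCardIdentity.Resolve(certificate, "example.com");
// }
```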
Select an EmpowerID server as the publishing location and then click Next.
When the wizard has completed publishing, you will be prompted to restart one or more services. Restarting the services allows EmpowerID to pick up your changes as well as make the underlying assembly for the class library available to the local GAC of those services.
The only way to disable an SSO extension is to remove the extension from active use. After an extension has been removed, you must reset IIS to ensure that the extension is no longer used.