Progress will discontinue Telerik Platform on May 10th, 2018.

Integrating Active SAML Federation

Active federation involves contacting the SAML IdP web service endpoints directly. You need to obtain the user's credentials from your app user before you can use active federation. The type of credentials varies from one SAML IdP to another.

Prerequisites

You need to configure certain settings before you can successfully log in your app users through a SAML IdP.

Getting SAML Metadata

You can use the GetSamlMetadata() method to read the app's SAML metadata from the Telerik Platform servers. The SamlMetadata class contains MetadataUrl (or MetadataXML) and Audience members that correspond to the settings that you configured for your app on the backend.

public async Task<SamlMetadata> GetSamlMetadata()
{
    return await this.everliveApp.WorkWith().Authentication().GetSamlMetadata().ExecuteAsync();
}

Obtaining a SAML Assertion

You need to obtain a SAML assertion from the SAML IdP before calling the Telerik Platform endpoint for registration/authentication.

How you obtain the SAML assertion depends on your SAML IdP. Consult its documentation for detailed steps. The general steps include the following:

  1. Prepare an XML file with information specific to your SAML IdP and Telerik Platform.
    You will most likely need the Telerik Platform Audience URL and Reply URL.
  2. Send the XML file deflated, Base64-encoded and URL-encoded to a designated endpoint provided by the SAML IdP.
  3. Parse the XML response to extract the assertion value.
  4. Encode the assertion value to a URL-safe format.
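
The encoding steps above, as an added example that is not part of the Telerik SDK or the original page. It assumes the IdP returns a SAML 2.0 assertion element; the class and method names, the request placeholder and the sample response are constructed for illustration.

```csharp
// Added example, not Telerik SDK code. Names and sample XML are constructed.
using System;
using System.IO;
using System.IO.Compression;
using System.Linq;
using System.Text;
using System.Xml;
using System.Xml.Linq;

public static class SamlActiveFederation
{
    // Step 2: raw DEFLATE, then Base64, then URL-encode the request XML.
    public static string EncodeRequest(string requestXml)
    {
        using (var buffer = new MemoryStream())
        {
            using (var deflate = new DeflateStream(buffer, CompressionMode.Compress, true))
            {
                byte[] bytes = Encoding.UTF8.GetBytes(requestXml);
                deflate.Write(bytes, 0, bytes.Length);
            } // disposing the DeflateStream flushes the final compressed block
            return Uri.EscapeDataString(Convert.ToBase64String(buffer.ToArray()));
        }
    }

    // Steps 3-4: extract the single assertion from the response and URL-encode it.
    public static string ExtractAssertion(string responseXml)
    {
        // Untrusted network input: prohibit DTDs and external entity resolution.
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null };
        using (var reader = XmlReader.Create(new StringReader(responseXml), settings))
        {
            // Keep whitespace so the signed assertion is not reformatted.
            XDocument doc = XDocument.Load(reader, LoadOptions.PreserveWhitespace);
            XNamespace saml = "urn:oasis:names:tc:SAML:2.0:assertion"; // assumption: SAML 2.0
            var found = doc.Descendants(saml + "Assertion").ToList();
            if (found.Count != 1) // zero or several assertions: refuse rather than guess
                throw new InvalidOperationException("Expected exactly one assertion, found " + found.Count);
            return Uri.EscapeDataString(found[0].ToString(SaveOptions.DisableFormatting));
        }
    }
    public static void Main()
    {
        // Constructed sample response; a real one comes from your IdP's endpoint.
        string response = "<r xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"><saml:Assertion ID=\"_a1\"><saml:Issuer>https://idp.example</saml:Issuer></saml:Assertion></r>";
        Console.WriteLine(EncodeRequest("<Request>constructed placeholder</Request>"));
        Console.WriteLine(ExtractAssertion(response));
    }
}
```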

Registering or Authenticating a User

After you obtain a SAML assertion from the SAML IdP, you can use the LoginWithSaml() method overload that accepts a URL-encoded assertion.

On first invocation, LoginWithSaml() registers the user. Subsequent invocations for the same user authenticate the user.

On success, the method returns an object containing a Telerik Platform access token (not to be confused with the SAML assertion) that can be used with further Backend Services JavaScript SDK operations. In this respect, the LoginWithSaml() method behaves similarly to the Login() method.

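// token is the URL-encoded SAML assertion obtained from the SAML IdP.
// The returned AccessToken is the Telerik Platform access token, not the assertion.
public async Task<AccessToken> LoginUser(EverliveApp app, string token)
{
    return await app.WorkWith().Authentication().LoginWithSaml(token).ExecuteAsync();
}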

Copyright © 2016-2017, Progress Software Corporation and/or its subsidiaries or affiliates. All rights reserved.