SAML 2.0 Browser/Post Profile Single Sign-On to classic asp web site

I'm new to SAML 2.0 Single Sign-On implementation. My client needs me to provide them with Single Sign-On on my classic ASP website using the SAML 2.0 Browser/Post Profile. My client will provide me the XML metadata and certificate, but I don't know what solution I should provide them with.

Would it be possible to do SAML 2.0 Browser/Post Profile with my classic ASP site? What are the tasks and solution that I need to do?

Please advise. Thanks for the help in advance.


Certainly possible - although you could have some challenges in a classic ASP environment. Do you know if you will be acting as an Identity Provider or Service Provider in this SSO setup? From the sounds of it, I would expect Service Provider - in which case you will need to parse & validate incoming SAML Assertions, and also possibly send SAML AuthnRequests to the IdP. The metadata your partner provides will guide you on what protocols/URLs/certificates they will be using.

To handle the SAML protocol, you could re-invent the wheel by writing your own code in ASP. Of course that would be time-consuming and risky; it would be simpler if you used a proven solution. There may be some, but I'm not aware of any free/open source ASP implementations, so you might want to consider a commercial solution like Component Space (http://www.componentspace.com/ - although it will require .NET), or something like PingFederate Express, which offers a simple IIS plug-in (http://www.pingidentity.com/our-solutions/pingfederate-express.cfm).


You could wrap the .NET SAML handling classes in a COM library. I have a similar project and this looks like what I'll have to do.


Scott T has a point. PFE is one possibility if your client also uses PF. If you were to utilize PingFederate (PF) you could either use our (I work for PI.com) IIS plug-in or Agentless Integration Kit (we have quite a few supporting classic ASP apps this way today) to quickly add SAML support to your app. The use of PF would allow you to support SAML 2.0/1.1/1.0/WS-Fed/OpenID (and others) simultaneously with a single, simple, secure integration to your application. Check out http://www.pingidentity.com/partners/SaaS-Partner-Program.cfm for more info.

--Ian