I have written an MVC controller for a much larger web application that facilitates an SSO integration with a business partner using SAML 2.0.
The users of the web application must first authenticate against Active Directory before having access.
The application simply pulls additional data from the AD object for the user currently logged in, then uses this data to generate the SAML assertion and posts it to their SSO provider URL using the following code:
string _ssoPostData = _sso.GenerateRequest();
// Encode once so ContentLength and the write count are in bytes, not characters.
byte[] _ssoPostBytes = System.Text.Encoding.UTF8.GetBytes(_ssoPostData);
_request = (HttpWebRequest)WebRequest.Create(_sso.Recipient);
_request.CookieContainer = _cookieContainer;
_request.AllowAutoRedirect = true;
_request.UserAgent = "Identity Provider Client";
_request.Method = "POST";
_request.ContentType = "application/x-www-form-urlencoded";
_request.ContentLength = _ssoPostBytes.Length;
// Dispose the request stream so the body is flushed before reading the response.
using (Stream _requestStream = _request.GetRequestStream())
{
    _requestStream.Write(_ssoPostBytes, 0, _ssoPostBytes.Length);
}
_response = (HttpWebResponse)_request.GetResponse();
The problem I'm trying to solve is this: when the WebRequest is made and a connection to the server is established, the server assigns a JSESSIONID for this connection. The response received contains the destination URL the user should be redirected to along with 2 cookies, one with the JSESSIONID value and another with a USERID value, that must be returned with every subsequent call to the server.
So my question is, is there a way to take the session/cookies created when the web request/session is established to the SSO server and hand that session back to the browser that the web application was launched from?
Any help is very much appreciated.
Thanks,
Richard
What I have tried:
I've tried using Response.Redirect() with the URL returned by the call to the SSO service but it still invalidates the session and takes me back to the service's login page.
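The cookies described above are issued to the server-side HttpWebRequest, so the browser never holds them. As an added example that is not part of the original post, this sketches the SAML 2.0 HTTP-POST binding, where the browser itself posts the assertion to the partner and receives JSESSIONID and USERID directly. SamlPostBinding, BuildAutoPostForm and the sample URL are hypothetical names, and the response XML is assumed to be available un-encoded rather than as the string _sso.GenerateRequest() returns.

```csharp
using System;
using System.Net;
using System.Text;

// Added example: builds the auto-submitting form used by the SAML 2.0 HTTP-POST binding.
public static class SamlPostBinding
{
    // acsUrl: the partner's assertion consumer URL (the post's _sso.Recipient).
    // samlResponseXml: the signed <samlp:Response> XML (assumed input).
    // relayState: optional opaque value echoed back by the partner.
    public static string BuildAutoPostForm(string acsUrl, string samlResponseXml, string relayState = null)
    {
        // Refuse to send an assertion anywhere but an absolute https endpoint.
        Uri target;
        if (!Uri.TryCreate(acsUrl, UriKind.Absolute, out target) || target.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Recipient must be an absolute https URL.", "acsUrl");

        // The binding carries the response base64-encoded in a field named SAMLResponse.
        string b64 = Convert.ToBase64String(Encoding.UTF8.GetBytes(samlResponseXml));

        // Every attribute value is HTML-encoded so it cannot break out of the markup.
        var html = new StringBuilder();
        html.Append("<!DOCTYPE html><html><body onload=\"document.forms[0].submit()\">");
        html.AppendFormat("<form method=\"post\" action=\"{0}\">", WebUtility.HtmlEncode(target.AbsoluteUri));
        html.AppendFormat("<input type=\"hidden\" name=\"SAMLResponse\" value=\"{0}\"/>", WebUtility.HtmlEncode(b64));
        if (!string.IsNullOrEmpty(relayState))
            html.AppendFormat("<input type=\"hidden\" name=\"RelayState\" value=\"{0}\"/>", WebUtility.HtmlEncode(relayState));
        html.Append("<noscript><input type=\"submit\" value=\"Continue\"/></noscript>");
        html.Append("</form></body></html>");
        return html.ToString();
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the original post.
        string form = BuildAutoPostForm(
            "https://sp.example.com/sso/acs",
            "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:2.0:protocol\"/>",
            "home");
        Console.WriteLine(form);
    }
}
```

In an MVC action the page would be returned with Content(html, "text/html"), so the partner's Set-Cookie headers arrive in the user's browser rather than in the application's CookieContainer.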