ASP.NET (C#) Shibboleth Login
We are looking to create a mechanism that allows users to log into our web site through a variety of third-party identity providers using Shibboleth. This will include a login page where a user can select from a list of available providers (a list that will be changed and added to over time), the logic to connect to the third-party identity provider's login page via Shibboleth, and retrieval of the values returned from the provider upon successful login (ultimately the user ID, possibly first/last name and email as well).
1. A login page where the user will select one of several providers they will use to log in.
Initially we are looking for a page where a user can select a provider from, at a minimum, a drop-down menu. When the user clicks login, they will be directed via Shibboleth to the provider's login page.
2. The user will then be taken to the appropriate third-party login page.
The transactions to and from the provider's login page will need to be coded, including a valid metadata file, certificate handling, etc.
3. The third-party site will return (we assume) a user ID of some sort.
Upon successful login, we are expecting at a minimum a user ID to be returned. If we can also get first/last name and email, even better; we are not sure whether they are in a standard format across providers.
The experience level required for this project:
1. Familiarity with ASP.NET C#-based web sites using standard web forms (this project is not using MVC).
2. Experience with SAML authentication, particularly Shibboleth-based authentication. Shibboleth is required.
Deliverables:
Well-formatted and documented full source code for an ASP.NET (C#) website consisting of the following:
1. [login to view URL], .[login to view URL]
- login page consisting of a drop-down to select a provider (at least one test provider must be available to demonstrate the code works - see [login to view URL] for sample hosted providers)
- business logic to connect via SAML (Shibboleth required) to provider and redirect to provider login page (this will be written and well-documented including any certificate handling necessary)
- business logic to connect via SAML (Shibboleth required) to provider and obtain user ID after successful login
2. [login to view URL], .[login to view URL]
- page that prints out the user ID returned from the Shibboleth server showing successful login
3. Metadata XML file to be shared with identity providers
4. Documentation on how to properly configure a new identity provider for use with this site (how to generate certificate files and metadata files).