We are a non-profit and are looking for references/recommendations from anybody using Identity Server 4 with SAML 2p (Rock Solid Knowledge) for a large customer base, like ~15-20 million customers, who could help us with some feedback.
Thanks in advance.
Do you already have a SAML IdP?
Yes, we are currently using another vendor, and it provides SAML 2.0. Our goal is to build our own IDP and support SAML 2.0 for the time being. This vendor's product is getting very expensive for our future growth (~20 million users).
@frjaffery
We are doing this now. We bought the https://www.componentspace.com/ library + ASP.NET Core middleware. It is pretty cheap too. They are one of the only people with a full SAML library targeting netcoreapp2.0
We treat it as an external login provider and it is working great for us.
> They are one of the only people with a full SAML library targeting netcoreapp2.0
Not true: https://www.identityserver.com/products/#SAML2P and https://www.nuget.org/packages/Sustainsys.Saml2.AspNetCore2
@brockallen last I checked you still needed to target the full framework to use that Sustainsys package. They have a dev version but they explicitly recommend not using it for production. This is not the case for ComponentSpace's library and middleware.
Also, your SAML2P product is meant to be an IdP integration to IS4 and not an SP, correct?
> last I checked you still needed to target the full framework to use that Sustainsys package.
Nope, they put out a preview last week of .NET Core support.
> This is not the case for ComponentSpace's library and middleware.
Do you know how it really works? IIRC they run 2 processes -- one in .NET core that proxies over to one on full .NET framework.
> Also, your SAML2P product is meant to be an IdP integration to IS4 and not an SP correct?
Yes, mainly meant to be an IdP. I wasn't sure what you meant when you said "full" earlier, so I included both.
These are all good clarifications.
We are trying to build an IDP and have done a POC using
https://www.identityserver.com/products/#SAML2P
The main reason we want to use this is that we want to support both SAML 2.0 and OpenID. Our POC works great and we are able to extend it to meet our custom needs as well, but our main concern is whether this product is production-ready to support ~20 million customers (~25k logins/day).
I am wondering if anybody is using it in production with this much load and has any recommendations for us.
One thing we have noticed is that when we use SAML 2.0 as above, it uses the full .NET Framework, not Core anymore. Any concerns?
I am new to the .NET world and have been in the Java world for 15 years. We are also using the ComponentSpace library in Java for our Java apps (SP) to integrate with our current IDP.
Thanks in advance for helping.
Cheers.
> IIRC they run 2 processes -- one in .NET core that proxies over to one on full .NET framework.
That's true for the ComponentSpace releases targeting .NET Core 1.1.
Our releases targeting .NET Core 2.0 have no such dependency. The product is a .NET standard 2.0 class library.
> That's true for the ComponentSpace releases targeting .NET Core 1.1.
> Our releases targeting .NET Core 2.0 have no such dependency. The product is a .NET standard 2.0 class library.
Good to know.
As Brock said, IdentityServer 4 has official support for acting as a SAML2P Identity Provider using the component from Rock Solid Knowledge.
Regarding the number of users, this shouldn't be a problem as all this component does is add protocol support for SAML, using the same user store interaction as core IdentityServer. If it is, just let us know and we'd be happy to help.
Feel free to get in contact for a demo license at https://www.identityserver.com/products/
All set on this issue -- can we close?
Thanks for all your help.
This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.