{"id":2621,"date":"2020-06-12T16:28:14","date_gmt":"2020-06-12T10:58:14","guid":{"rendered":"https:\/\/lgconsultancy.wpcomstaging.com\/?p=2621"},"modified":"2022-08-02T12:50:07","modified_gmt":"2022-08-02T12:50:07","slug":"azure-ad-saml","status":"publish","type":"post","link":"https:\/\/lng-consultancy.com\/staging\/5474\/azure-ad-saml\/","title":{"rendered":"Azure AD + SAML"},"content":{"rendered":"\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/lngconsultancy.co.za\/wp-content\/uploads\/2020\/06\/active-directory.jpg?fit=900%2C506&ssl=1\" alt=\"\" class=\"wp-image-2622\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">In every web application, choosing the identity provider is a critical architectural and design decision, because it defines the overall security layer of the app. In the Microsoft stack, Azure AD has a clear edge: apart from Microsoft\u2019s top-notch security, it brings quick and easy SSO integrations, user and role management, monitoring and alerts. Azure AD has many components, but this article focuses on Azure AD B2C integration in a .NET Core web application and on custom SAML-based SSO integration. The following points are covered in detail:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li><strong>What is Azure AD<\/strong><\/li><li><strong>Steps to set up Azure AD<\/strong><\/li><li><strong>Integration into a web application<\/strong><\/li><li><strong>What is SAML<\/strong><\/li><li><strong>Custom SAML authentication in a .NET web application<\/strong><\/li><\/ol>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is Azure AD<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft introduced the concept of Active Directory in 2000. In 2010, Microsoft took the same concept to the cloud under the name Azure AD, although the two differ in many ways. 
It is a cloud-hosted Identity-as-a-Service solution. Azure AD acts as an authentication store and as a service for managing access to resources such as users, apps and servers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>The basic solution architecture of a web app integrated with Azure AD looks like this:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/lgconsultancy.wpcomstaging.com\/wp-content\/uploads\/2020\/06\/image-3.png?ssl=1\" alt=\"\" class=\"wp-image-2623\"\/><\/figure>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Terminology<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Before moving on to other concepts, it is important to understand some of the primary terminology:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Account<\/strong> \u2013 If an identity has a profile, it is an account: an identity with data becomes an account. In Microsoft terminology, and in some of its services, an account is classified as a Work or School account.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Identity<\/strong> \u2013 An identity is not just a user but anything that can be authenticated. It includes users with credentials, and applications and servers that authenticate with a secret key or a certificate.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Authentication<\/strong> \u2013 Authentication is only the mechanism that admits an identity into a service\/app\/device. It does not by itself grant access to any resource. The Microsoft identity platform uses OpenID Connect for authentication.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Authorization<\/strong> \u2013 Once an identity is authenticated, authorization provides the layer for granting and managing permission to do something. It determines which data each authenticated identity may access. 
Microsoft uses the OAuth protocol for authorization.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Azure Tenant \u2013 <\/strong>A single organisation\u2019s dedicated space or instance. The organisation here can be a logical component within a larger entity. For example, Microsoft is one physical entity with various tenants such as Office 365, Dynamics CRM and Azure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Single Tenant<\/strong> \u2013 A dedicated Azure tenant without any sharing is called a single tenant.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Multi-Tenant<\/strong> \u2013 Azure tenants that access services across organisations\/tenants are called multi-tenant. For example, two independent online stores that each use Azure AD as their identity provider are single tenants, but they become multi-tenant as soon as they start sharing identities or services between them.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Resource Group<\/strong> \u2013 Azure Resource Groups are logical collections of Azure resources such as virtual machines, storage accounts, virtual networks, web apps and databases. A resource group is a container that holds related resources for an Azure solution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>SSO<\/strong> \u2013 Single Sign-On (SSO) is a mechanism for authenticating users across applications with a single set of credentials. With SSO, several independent applications can grant access to a user with one user ID and password. In an Active Directory environment it can be achieved via LDAP; in web\/cloud-hosted environments it can be achieved via OpenID Connect or SAML. It can be classified as Social SSO or Enterprise SSO.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>SAML<\/strong> \u2013 Security Assertion Markup Language (SAML) is an authentication mechanism for providing Single Sign-On (SSO) capabilities within enterprise applications. 
It is similar to OpenID Connect, but it is mainly used with enterprise identity providers, whereas OpenID Connect is used for cloud-based apps such as web APIs, web and mobile applications.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Advantages<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure AD is a direct replacement for managing your own accounts database. It provides built-in support for social SSO with providers such as Facebook, Google and Twitter. Some of the <strong>advantages of using Azure AD<\/strong> are:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Since it is a cloud-hosted distributed system, it provides high scalability and high performance via multiple data centers, and its robust architecture provides continuous availability.<\/li><li>Microsoft Azure AD has proven security mechanisms for protecting user data and credentials.<\/li><li>Centralized administration of users across geographical locations.<\/li><li>It has various <strong>useful built-in components<\/strong> such as:<ul><li>SSO capabilities via OpenID Connect and SAML<\/li><li>Secure access via MFA<\/li><li>Application Proxy for publishing on-premises applications for remote access<\/li><li>Reporting, such as security reports and activity reports<\/li><\/ul><\/li><\/ol>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Azure AD Architecture<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Azure AD is a geographically distributed service. Its architecture assures high scalability, high availability and high performance. To achieve this, it requires the following <strong>components<\/strong>:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Extensive monitoring<\/li><li>Automated re-routing<\/li><li>Failover and recovery capabilities<\/li><\/ol>\n\n\n\n<p class=\"wp-block-paragraph\">Every scalable architecture relies on independent building blocks. In the Azure AD data tier, these building blocks are called partitions. 
At a high level, the following <strong>diagram depicts how the components of a single directory partition are delivered via geographically distributed data centers<\/strong>:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/lgconsultancy.wpcomstaging.com\/wp-content\/uploads\/2020\/06\/45525iC5DDA442059BFCB8.png?ssl=1\" alt=\"\" class=\"wp-image-2624\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">The Azure AD data tier has various front-end services that provide read and write capabilities. The components of the Azure AD architecture are:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Primary replica \u2013 <\/strong>Primary replicas receive all the writes for the partition they belong to. Every write delivered to the primary replica is also sent immediately to one of the secondary replicas in a different data center, which keeps the data available if the primary replica fails for any reason. There are two kinds of primary replica: the active primary receives all the writes, and the passive primary is replicated from the active one and can assume the active role in case of a failure.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><strong>Secondary replica<\/strong> \u2013 Secondary replicas are responsible for read scalability. They are distributed geographically and serve all directory reads. Replication to the secondary replicas is asynchronous. Secondary replicas also contribute to performance, because some reads are served from the data center closest to the user.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">High scalability is achieved via multiple partitions. The primary replica\u2019s data is partitioned for write scalability, and read scalability is achieved by replicating data across secondary replicas. High availability is achieved because traffic can be shifted quickly to any of the data centers. 
These data centers are independent, so failures are de-correlated across nodes. Because traffic can be managed across data centers in different geographical regions, maintenance becomes much easier.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Setup Azure AD<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">How Azure AD is created depends entirely on business requirements. Since the context of this article is setting up a public web application with Azure AD, the following steps create an Azure AD B2C tenant, publish the web application to Azure and register the web application with Azure AD so that it acts as the identity provider.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1. <strong>Create B2C tenant<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The high-level steps for creating an Azure AD B2C tenant are:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create an Azure AD B2C tenant<\/li><li>Link your tenant to your subscription<\/li><li>Switch to the directory containing your Azure AD B2C tenant<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">For more information and a step-by-step guide, see the Microsoft docs at the link below:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/tutorial-create-tenant\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/tutorial-create-tenant<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">2. 
<strong>Create and publish the web application to Azure<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Create an ASP.NET Core web application in Visual Studio<\/li><li>Publish the web application to Azure by creating a new App Service<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/aspnet\/core\/host-and-deploy\/azure-apps\/?view=aspnetcore-3.1&tabs=visual-studio\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/app-service\/app-service-web-get-started-dotnet<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">3. <strong>Register an application<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Register a web application in Azure AD<\/li><li>Create a client secret<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/tutorial-register-applications?tabs=app-reg-ga\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/tutorial-register-applications?tabs=app-reg-ga<\/a><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">4. <strong>Create User Flows<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">User flows provide the ability to define user journeys, which in turn generate a policy used for authorization. 
A user flow gives control over:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Account types allowed to \u201csign in\u201d or \u201csign up\u201d<\/li><li>User attributes to be collected<\/li><li>User attributes to be sent back as claims in the auth token<\/li><li>Ability to use custom pages<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/tutorial-create-user-flows\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory-b2c\/tutorial-create-user-flows<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Setup .NET Core Web application<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To configure the .NET Core web application, authentication schemes for both sign-in and authorization need to be configured. Microsoft has published a NuGet package for configuring the authentication handlers.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1) Install the following NuGet package:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>Microsoft.AspNetCore.Authentication.AzureAD.UI<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">2) Add OpenIdConnect authentication in the Startup.cs file (ConfigureServices). The user-flow name serves both as the challenge scheme and as part of the metadata URL, so it is kept in one variable:<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\"><p>\/\/ Name of the B2C user flow (policy) created in step 4; assumed value.<br \/>\nconst string signUpInPolicy = \"B2C_1_signupsignin\";<br \/>\n<br \/>\nservices.AddAuthentication(options =><br \/>\n{<br \/>\n    options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;<br \/>\n    options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;<br \/>\n    options.DefaultChallengeScheme = signUpInPolicy;<br \/>\n})<br \/>\n\/\/ The cookie handler must be registered because it is the sign-in scheme.<br \/>\n.AddCookie()<br \/>\n.AddOpenIdConnect(signUpInPolicy, options =><br \/>\n{<br \/>\n    \/\/ B2C discovery document for this tenant and user flow; issuer and signing keys are taken from it.<br \/>\n    options.MetadataAddress = $\"https:\/\/Laurasia.b2clogin.com\/Laurasia.onmicrosoft.com\/{signUpInPolicy}\/v2.0\/.well-known\/openid-configuration\";<br \/>\n    \/\/ Application (client) ID from step 3; assumed configuration key.<br \/>\n    options.ClientId = Configuration[\"AzureAdB2C:ClientId\"];<br \/>\n    options.ResponseType = OpenIdConnectResponseType.IdToken;<br \/>\n    options.CallbackPath = \"\/signin\/\" + signUpInPolicy;<br \/>\n    options.SignedOutCallbackPath = \"\/signout\/\" + signUpInPolicy;<br \/>\n    options.SignedOutRedirectUri = \"\/\";<br \/>\n    \/\/ B2C returns the display name in the \"name\" claim when Display Name is selected as an application claim in the user flow.<br \/>\n    options.TokenValidationParameters.NameClaimType = \"name\";<br \/>\n});<\/p>\n<\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\">3) Add a SignIn action to the controller:<\/p>\n\n\n\n<p>[HttpGet(\"{scheme?}\")]<br \/>\npublic IActionResult SignIn([FromRoute] string scheme)<br \/>\n{<br \/>\n    \/\/ Return to the site root once the identity provider redirects back.<br \/>\n    var properties = new AuthenticationProperties { RedirectUri = Url.Content(\"~\/\") };<br \/>\n    \/\/ Challenge the scheme named in the route (for example a user-flow name), or the default challenge scheme.<br \/>\n    return string.IsNullOrEmpty(scheme) ? Challenge(properties) : Challenge(properties, scheme);<br \/>\n}<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is SAML<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between Identity Providers (IdP) and Service Providers (SP). SAML is primarily used in enterprise applications between two business entities to provide SSO for their users. Below is a high-level <strong>example of how SAML works<\/strong> in a typical scenario:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/i0.wp.com\/lngconsultancy.co.za\/wp-content\/uploads\/2020\/06\/security-assertion-markup-language-saml-explainer-100738529-orig.jpg?fit=900%2C608&ssl=1\" alt=\"\" class=\"wp-image-2630\"\/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">All SAML tokens are validated and verified against the configured metadata. 
Metadata can be dynamic, fetched from a URL, or kept statically on the file system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Custom SAML Authentication in .NET web application<\/strong><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To add SAML capabilities to a .NET web application, a controller action that receives the SAML assertion and an authentication handler that initiates SSO are required.<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Steps to integrate SAML assertion capabilities<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">1) Add the NuGet package (Sustainsys.Saml2)<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">2) Add the Saml2 authentication handler, chained onto the services.AddAuthentication(...) call from the previous section:<\/p>\n\n\n\n<p>\/\/ AddSaml2 comes from the Sustainsys.Saml2.AspNetCore2 package; its scheme name is Saml2Defaults.Scheme.<br \/>\n.AddSaml2(options =><br \/>\n{<br \/>\n    \/\/ This application\u2019s SP identity and the URL the user is returned to after sign-in.<br \/>\n    options.SPOptions.EntityId = new EntityId(this.Configuration[\"Saml:SPEntityId\"]);<br \/>\n    options.SPOptions.ReturnUrl = new Uri(this.Configuration[\"Saml:SPReturnUrl\"]);<br \/>\n    \/\/ The IdP\u2019s endpoints and signing certificate are loaded from its published metadata.<br \/>\n    options.IdentityProviders.Add(<br \/>\n        new IdentityProvider(<br \/>\n            new EntityId(this.Configuration[\"Saml:IDPEntityId\"]), options.SPOptions)<br \/>\n        {<br \/>\n            LoadMetadata = true<br \/>\n        });<br \/>\n    \/\/ SP certificate (with private key) used to sign requests and decrypt encrypted assertions.<br \/>\n    options.SPOptions.ServiceCertificates.Add(<br \/>\n        new X509Certificate2(this.Configuration[\"Saml:CertificateFileName\"]));<br \/>\n})<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">3) By default, the NuGet package added above exposes a \/Saml2\/Acs endpoint (the Assertion Consumer Service) which validates the SAML response against the IdP metadata and, on success, signs the user in to the application via the cookie scheme.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">4) Example InitiateSingleSignOn, LoginCallback and LogoutCallback controller actions:<\/p>\n\n\n\n<p>[AllowAnonymous]<br \/>\n[HttpGet(\"InitiateSingleSignOn\")]<br \/>\npublic IActionResult InitiateSingleSignOn(string returnUrl)<br \/>\n{<br \/>\n    \/\/ Challenging the Saml2 scheme makes the handler build an AuthnRequest and redirect to the IdP.<br \/>\n    return new ChallengeResult(<br \/>\n        Saml2Defaults.Scheme,<br \/>\n        new AuthenticationProperties<br \/>\n        {<br \/>\n            RedirectUri = Url.Action(nameof(LoginCallback), new { returnUrl })<br \/>\n        });<br \/>\n}<\/p>\n<p>\/\/ Reached after \/Saml2\/Acs has validated the response and issued the authentication cookie.<br \/>\n[HttpGet(\"LoginCallback\")]<br \/>\npublic IActionResult LoginCallback(string returnUrl)<br \/>\n{<br \/>\n    \/\/ Only follow local return URLs; IsLocalUrl returns false for null, empty or absolute URLs.<br \/>\n    if (Url.IsLocalUrl(returnUrl))<br \/>\n    {<br \/>\n        return LocalRedirect(returnUrl);<br \/>\n    }<br \/>\n<br \/>\n    return Redirect(Url.Content(\"~\/\"));<br \/>\n}<\/p>\n<p>[AllowAnonymous]<br \/>\n[HttpGet(\"InitiateSingleLogout\")]<br \/>\npublic async Task&lt;IActionResult&gt; LogoutCallback(string returnUrl)<br \/>\n{<br \/>\n    \/\/ Clearing the session alone does not sign the user out; the authentication cookie must be removed too.<br \/>\n    HttpContext.Session.Clear();<br \/>\n    await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);<br \/>\n<br \/>\n    \/\/ Only follow local return URLs to avoid an open redirect.<br \/>\n    if (Url.IsLocalUrl(returnUrl))<br \/>\n    {<br \/>\n        return LocalRedirect(returnUrl);<br \/>\n    }<br \/>\n<br \/>\n    return this.Ok();<br \/>\n}<\/p>\n\n\n\n<p class=\"has-medium-font-size wp-block-paragraph\"><strong>Example SAML Assertions<\/strong>:<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Sample SAML responses can be found at: <a href=\"https:\/\/www.samltool.com\/generic_sso_res.php\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/www.samltool.com\/generic_sso_res.php<\/a><\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p class=\"wp-block-paragraph\">To summarize, Azure AD is a robust, secure and flexible identity provider. It makes setting up an application\u2019s authentication and authorization quick and easy. SAML support adds another layer of flexibility for integrating with third-party or external SPs\/IdPs.<\/p>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>In every web application, while making architectural and design decisions, deciding which identity provider is to be used is always a critical aspect because it defines overall security layer of a web app. 
In Microsoft technical stack, Azure AD will always have a top edge because apart from Microsoft\u2019s top-notch security, it adds up other advantages like quick and easy SSO integrations, user, and roles management, monitoring and alerts.<\/p>\n","protected":false},"author":19,"featured_media":7307,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"nf_dc_page":"","om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[32],"tags":[48,49],"class_list":["post-2621","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-software-development","tag-azure-ad","tag-saml"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Azure AD + SAML - L&amp;G Consultancy<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/lng-consultancy.com\/azure-ad-saml\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Azure AD + SAML - L&amp;G Consultancy\" \/>\n<meta property=\"og:description\" content=\"In every web application, while making architectural and design decisions, deciding which identity provider is to be used is always a critical aspect because it defines overall security layer of a web app. 
In Microsoft technical stack, Azure AD will always have a top edge because apart from Microsoft\u2019s top-notch security, it adds up other advantages like quick and easy SSO integrations, user, and roles management, monitoring and alerts.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/lng-consultancy.com\/azure-ad-saml\/\" \/>\n<meta property=\"og:site_name\" content=\"L&amp;G Consultancy\" \/>\n<meta property=\"article:published_time\" content=\"2020-06-12T10:58:14+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-02T12:50:07+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lng-consultancy.com\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"628\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Charanpreet Singh\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Charanpreet Singh\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/\"},\"author\":{\"name\":\"Charanpreet Singh\",\"@id\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/#\\\/schema\\\/person\\\/5dc3b323c5f0797bdc776ae36267fda4\"},\"headline\":\"Azure AD + SAML\",\"datePublished\":\"2020-06-12T10:58:14+00:00\",\"dateModified\":\"2022-08-02T12:50:07+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/\"},\"wordCount\":1720,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/lng-consultancy.com\\\/staging\\\/5474\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1\",\"keywords\":[\"Azure AD\",\"SAML\"],\"articleSection\":[\"Software Development\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/\",\"url\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/\",\"name\":\"Azure AD + SAML - L&amp;G 
Consultancy\",\"isPartOf\":{\"@id\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/i0.wp.com\\\/lng-consultancy.com\\\/staging\\\/5474\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1\",\"datePublished\":\"2020-06-12T10:58:14+00:00\",\"dateModified\":\"2022-08-02T12:50:07+00:00\",\"author\":{\"@id\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/#\\\/schema\\\/person\\\/5dc3b323c5f0797bdc776ae36267fda4\"},\"breadcrumb\":{\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#primaryimage\",\"url\":\"https:\\\/\\\/i0.wp.com\\\/lng-consultancy.com\\\/staging\\\/5474\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1\",\"contentUrl\":\"https:\\\/\\\/i0.wp.com\\\/lng-consultancy.com\\\/staging\\\/5474\\\/wp-content\\\/uploads\\\/2020\\\/06\\\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1\",\"width\":1200,\"height\":628},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/lng-consultancy.com\\\/azure-ad-saml\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/lng-consultancy.com\\\/staging\\\/5474\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Azure AD + SAML\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/#website\",\"url\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/\",\"name\":\"L&amp;G Consultancy\",\"description\":\"Your 
Technology Partner\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"http:\\\/\\\/sh024.global.temp.domains\\\/~landgcon\\\/#\\\/schema\\\/person\\\/5dc3b323c5f0797bdc776ae36267fda4\",\"name\":\"Charanpreet Singh\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/60f39e431ff12acc271104a91c55cf1c75285d9be16fe4a8db4ac997fa1b4e7e?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/60f39e431ff12acc271104a91c55cf1c75285d9be16fe4a8db4ac997fa1b4e7e?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/60f39e431ff12acc271104a91c55cf1c75285d9be16fe4a8db4ac997fa1b4e7e?s=96&d=mm&r=g\",\"caption\":\"Charanpreet Singh\"},\"url\":\"https:\\\/\\\/lng-consultancy.com\\\/staging\\\/5474\\\/author\\\/charanpreetsingh83\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Azure AD + SAML - L&amp;G Consultancy","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/lng-consultancy.com\/azure-ad-saml\/","og_locale":"en_US","og_type":"article","og_title":"Azure AD + SAML - L&amp;G Consultancy","og_description":"In every web application, while making architectural and design decisions, deciding which identity provider is to be used is always a critical aspect because it defines overall security layer of a web app. 
In Microsoft technical stack, Azure AD will always have a top edge because apart from Microsoft\u2019s top-notch security, it adds up other advantages like quick and easy SSO integrations, user, and roles management, monitoring and alerts.","og_url":"https:\/\/lng-consultancy.com\/azure-ad-saml\/","og_site_name":"L&amp;G Consultancy","article_published_time":"2020-06-12T10:58:14+00:00","article_modified_time":"2022-08-02T12:50:07+00:00","og_image":[{"width":1200,"height":628,"url":"https:\/\/lng-consultancy.com\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg","type":"image\/jpeg"}],"author":"Charanpreet Singh","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Charanpreet Singh","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#article","isPartOf":{"@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/"},"author":{"name":"Charanpreet Singh","@id":"http:\/\/sh024.global.temp.domains\/~landgcon\/#\/schema\/person\/5dc3b323c5f0797bdc776ae36267fda4"},"headline":"Azure AD + SAML","datePublished":"2020-06-12T10:58:14+00:00","dateModified":"2022-08-02T12:50:07+00:00","mainEntityOfPage":{"@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/"},"wordCount":1720,"commentCount":0,"image":{"@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/lng-consultancy.com\/staging\/5474\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1","keywords":["Azure AD","SAML"],"articleSection":["Software Development"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/lng-consultancy.com\/azure-ad-saml\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/","url":"https:\/\/lng-consultancy.com\/azure-ad-saml\/","name":"Azure AD + SAML - L&amp;G 
Consultancy","isPartOf":{"@id":"http:\/\/sh024.global.temp.domains\/~landgcon\/#website"},"primaryImageOfPage":{"@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#primaryimage"},"image":{"@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#primaryimage"},"thumbnailUrl":"https:\/\/i0.wp.com\/lng-consultancy.com\/staging\/5474\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1","datePublished":"2020-06-12T10:58:14+00:00","dateModified":"2022-08-02T12:50:07+00:00","author":{"@id":"http:\/\/sh024.global.temp.domains\/~landgcon\/#\/schema\/person\/5dc3b323c5f0797bdc776ae36267fda4"},"breadcrumb":{"@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/lng-consultancy.com\/azure-ad-saml\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#primaryimage","url":"https:\/\/i0.wp.com\/lng-consultancy.com\/staging\/5474\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1","contentUrl":"https:\/\/i0.wp.com\/lng-consultancy.com\/staging\/5474\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1","width":1200,"height":628},{"@type":"BreadcrumbList","@id":"https:\/\/lng-consultancy.com\/azure-ad-saml\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/lng-consultancy.com\/staging\/5474\/"},{"@type":"ListItem","position":2,"name":"Azure AD + SAML"}]},{"@type":"WebSite","@id":"http:\/\/sh024.global.temp.domains\/~landgcon\/#website","url":"http:\/\/sh024.global.temp.domains\/~landgcon\/","name":"L&amp;G Consultancy","description":"Your Technology 
Partner","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/sh024.global.temp.domains\/~landgcon\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"http:\/\/sh024.global.temp.domains\/~landgcon\/#\/schema\/person\/5dc3b323c5f0797bdc776ae36267fda4","name":"Charanpreet Singh","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/60f39e431ff12acc271104a91c55cf1c75285d9be16fe4a8db4ac997fa1b4e7e?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/60f39e431ff12acc271104a91c55cf1c75285d9be16fe4a8db4ac997fa1b4e7e?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/60f39e431ff12acc271104a91c55cf1c75285d9be16fe4a8db4ac997fa1b4e7e?s=96&d=mm&r=g","caption":"Charanpreet Singh"},"url":"https:\/\/lng-consultancy.com\/staging\/5474\/author\/charanpreetsingh83\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/lng-consultancy.com\/staging\/5474\/wp-content\/uploads\/2020\/06\/Untitled-design-28.jpg?fit=1200%2C628&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/posts\/2621","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/comments?post=2621"}],"version-history":[{"count":1,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/posts\/2621\/revisions"}],"predecessor-version":[{"id":7308,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/p
osts\/2621\/revisions\/7308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/media\/7307"}],"wp:attachment":[{"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/media?parent=2621"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/categories?post=2621"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lng-consultancy.com\/staging\/5474\/wp-json\/wp\/v2\/tags?post=2621"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}