Overview
Our system expects a form POST to the endpoint https://<store’s url>/store/SingleSignon/SAML2/Login.aspx. The body of that form must contain a SAMLResponse field whose value is the assertion, signed, then encrypted, then base64 encoded. The assertion must contain the attributes CustomerEmail, CustomerFirstName, CustomerLastName and CustomerUserName. Here’s an example of the form input:
The configuration screen is at https://<store url>/Store/Admin/Tools/AddOns/SAML2.aspx. The attribute names can be changed there, and both keys must be defined: the client public key (the identity provider's certificate, used to verify the signature on the assertion) and the server private key (the store's own key, used to decrypt the assertion). Only the public certificate of the other party is ever exchanged; the private key stays with its owner.
Setting Up Certificates
Upload the certificates to the Store's path using the File Manager. Keep the file holding the server private key (the .pfx) out of any directory the web server serves as static content, and readable only by the application identity:
Add these local paths to the integration settings:
Creating Self Signed Certs
Microsoft Visual Studio 2005 ships utilities (in the Common7\Tools\Bin directory) that can generate a certificate. Current Windows SDKs mark makecert.exe as deprecated in favor of the PowerShell cmdlet New-SelfSignedCertificate, but the two-step procedure below still works. Follow the steps to create the public/private key pair and certificate in .NET:
- makecert -r -pe -n "CN=Test Certificate" -sky exchange -len 2048 -sv testcert.pvk testcert.cer
- pvk2pfx -pvk testcert.pvk -spc testcert.cer -pfx testcert.pfx -po <pfx password>
The RSA algorithm is used in the commands above; makecert defaults to a 1024-bit key, so -len 2048 is added to get a key length that is still acceptable today. Step 1 uses the Certificate Creation Tool (makecert.exe) to create a self-signed X.509 certificate called testcert.cer and the corresponding private key in testcert.pvk (makecert prompts for an optional password on the .pvk; if you set one, pass it to pvk2pfx with -pi). Step 2 uses the pvk2pfx tool (pvk2pfx.exe) to create a Personal Information Exchange (PFX) file from the CER and PVK files. The PFX contains both your public and private key, so it must be treated as a secret.
The testcert.cer file created in Step 1 holds only the public key, so it is the file you hand to the other party; for example, it can be uploaded to Google Apps using the Control Panel. testcert.pfx from Step 2 can be used to create an X509Certificate2 (.NET 2.0+) instance for signing the SAML response, as demonstrated in the ASP.NET SSO sample application.
makecert details
-n specifies the subject name
-pe marks the private key as exportable
-sky specifies the subject's key type: signature means the key can only sign, while exchange means the key can be used for key exchange (encryption and decryption) as well as for signing. The command above uses exchange because the same key pair is used both to sign and to decrypt assertions
-r Creates a self-signed certificate
-sv specifies the private key file. The file is created if it doesn't exist
pvk2pfx details
-pvk Specifies the name of a .pvk file
-spc Specifies the name and extension of the file that contains the cert
-pfx Specifies the name of a .pfx file (in our case the output)
-po Specifies the password that protects the .pfx. You have to supply it, or the file will not open (use -pi to supply the .pvk password if one was set in Step 1)
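The following C# program is an added example, not the store's code or the ASP.NET SSO sample described above. It ties together the two parts of this page: it first performs the makecert + pvk2pfx procedure with the .NET CertificateRequest API (one .cer and one password-protected .pfx per party), then, acting as the identity provider, builds an assertion carrying the four required attributes, signs it with the IdP's private key, encrypts it to the store's public certificate, wraps it in a SAML Response, base64 encodes it and prints the form POST the Login.aspx endpoint expects. Assumptions: .NET 6 or later (on .NET Framework 4.7.2+ add the System.Security.Cryptography.Xml package); the host shop.example.test, idp.example.test, the file names idp.* and store.*, the PFX password and the customer Jane Doe are placeholders constructed for the demo.

```csharp
using System;
using System.IO;
using System.Net;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Added example, not the store's or the SSO sample's code. .NET 6+ (C# 8 'using var'); hosts and file names are placeholders.
static class SamlSsoExample
{
    const string SamlNs = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string SamlpNs = "urn:oasis:names:tc:SAML:2.0:protocol";

    // .NET equivalent of the makecert + pvk2pfx steps: self-signed RSA cert whose key may sign and decrypt ("-sky exchange").
    // Writes <baseName>.cer (public half, the only file the other party gets) and <baseName>.pfx (private half).
    static X509Certificate2 CreateSelfSigned(string subject, string baseName, string pfxPassword)
    {
        using var rsa = RSA.Create(2048);
        var req = new CertificateRequest(subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509KeyUsageExtension(X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.KeyEncipherment, critical: true));
        using var cert = req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
        File.WriteAllBytes(baseName + ".cer", cert.Export(X509ContentType.Cert));
        byte[] pfx = cert.Export(X509ContentType.Pfx, pfxPassword);
        File.WriteAllBytes(baseName + ".pfx", pfx);
        return new X509Certificate2(pfx, pfxPassword, X509KeyStorageFlags.Exportable); // re-import so SignedXml can use the key
    }

    // Creates and appends a namespaced element. InnerText escapes markup, so customer data cannot inject elements.
    static XmlElement Add(XmlNode parent, string prefix, string name, string ns, string text = null)
    {
        XmlDocument doc = parent as XmlDocument ?? parent.OwnerDocument;
        XmlElement e = doc.CreateElement(prefix, name, ns);
        if (text != null) e.InnerText = text;
        return (XmlElement)parent.AppendChild(e);
    }

    // Assertion carrying the four attributes the store requires, signed with the IdP's private key
    // (enveloped XML-DSig, RSA-SHA256, exclusive C14N, ds:Signature placed directly after saml:Issuer).
    static XmlDocument BuildSignedAssertion(X509Certificate2 idpCert, string issuer,
        string email, string firstName, string lastName, string userName)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        XmlElement assertion = Add(doc, "saml", "Assertion", SamlNs);
        assertion.SetAttribute("ID", "_" + Guid.NewGuid().ToString("N"));
        assertion.SetAttribute("Version", "2.0");
        assertion.SetAttribute("IssueInstant", DateTime.UtcNow.ToString("o"));
        XmlElement issuerEl = Add(assertion, "saml", "Issuer", SamlNs, issuer);
        XmlElement statement = Add(assertion, "saml", "AttributeStatement", SamlNs);
        foreach (var (name, value) in new[] { ("CustomerEmail", email), ("CustomerFirstName", firstName),
                                               ("CustomerLastName", lastName), ("CustomerUserName", userName) })
        {
            XmlElement attr = Add(statement, "saml", "Attribute", SamlNs);
            attr.SetAttribute("Name", name);
            Add(attr, "saml", "AttributeValue", SamlNs, value);
        }
        var signedXml = new SignedXml(doc) { SigningKey = idpCert.GetRSAPrivateKey() };
        signedXml.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        signedXml.SignedInfo.SignatureMethod = SignedXml.XmlDsigRSASHA256Url;
        var reference = new Reference("#" + assertion.GetAttribute("ID")) { DigestMethod = SignedXml.XmlDsigSHA256Url };
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.KeyInfo = new KeyInfo();
        signedXml.KeyInfo.AddClause(new KeyInfoX509Data(idpCert));   // embeds the public certificate only
        signedXml.ComputeSignature();
        // GetXml() returns a node owned by another XmlDocument, so it must be imported before insertion.
        assertion.InsertAfter(doc.ImportNode(signedXml.GetXml(), true), issuerEl);
        return doc;
    }

    // Encrypts the signed assertion to the store's public certificate (EncryptedXml's certificate overload:
    // random AES-256-CBC content key wrapped with RSA PKCS#1 v1.5), wraps it in samlp:Response, returns base64.
    static string BuildSamlResponse(XmlDocument signedAssertion, X509Certificate2 storeCert, string destination)
    {
        EncryptedData encrypted = new EncryptedXml().Encrypt(signedAssertion.DocumentElement, storeCert);
        var doc = new XmlDocument();
        XmlElement response = Add(doc, "samlp", "Response", SamlpNs);
        response.SetAttribute("ID", "_" + Guid.NewGuid().ToString("N"));
        response.SetAttribute("Version", "2.0");
        response.SetAttribute("IssueInstant", DateTime.UtcNow.ToString("o"));
        response.SetAttribute("Destination", destination);   // lets the store reject a response replayed to another URL
        Add(Add(response, "samlp", "Status", SamlpNs), "samlp", "StatusCode", SamlpNs)
            .SetAttribute("Value", "urn:oasis:names:tc:SAML:2.0:status:Success");
        Add(response, "saml", "EncryptedAssertion", SamlNs).AppendChild(doc.ImportNode(encrypted.GetXml(), true));
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(doc.OuterXml));
    }

    static void Main()
    {
        // Constructed demo data: throwaway self-signed certs for both parties and a fictitious customer.
        const string pfxPassword = "change-me";   // demo only; never hard-code a real PFX password
        const string endpoint = "https://shop.example.test/store/SingleSignon/SAML2/Login.aspx";
        X509Certificate2 idpCert = CreateSelfSigned("CN=Example IdP", "idp", pfxPassword);
        CreateSelfSigned("CN=Example Store", "store", pfxPassword).Dispose();   // store.pfx stays with the store
        var storePublic = new X509Certificate2(File.ReadAllBytes("store.cer")); // the IdP is given only the .cer
        XmlDocument assertion = BuildSignedAssertion(idpCert, "https://idp.example.test",
            "jane.doe@example.test", "Jane", "Doe", "jdoe");
        string samlResponse = BuildSamlResponse(assertion, storePublic, endpoint);
        Console.WriteLine($"<form method=\"post\" action=\"{endpoint}\">\n  <input type=\"hidden\" " +
                          $"name=\"SAMLResponse\" value=\"{WebUtility.HtmlEncode(samlResponse)}\" />\n</form>");
    }
}
```

On the store side the steps run in reverse: decrypt the EncryptedAssertion with the server private key, verify the signature against the client public key configured on the SAML2.aspx screen (not against whatever certificate the message embeds in its KeyInfo), then check Destination and IssueInstant before reading the four attributes. Note that EncryptedXml's certificate overload uses PKCS#1 v1.5 key transport, so the decrypting side must not leak padding or decryption errors to the sender.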