One of the more difficult and painful changes while migrating our enterprise applciations to DotNet Core has been supporting Shibboleth authentication and consequently, implementing our group based authorization system.
There are a few main things we have to implement in our applications in order to leverage Shibboleth.
Additionally, we use a custom group based authorization system that accepts an eName and returns a list of groups associated with that user. This list may include groups that have nothing to do with our application, so the local app must take this list of group names and then do something with it to give our users access to various parts of our appliction.
I’ve included the gist below that should contain all you need to setup your application to work with a hosted shibboleth server.
In general, this is what is going on.