Some information in this post is based on Vittorio’s new book Programming Windows Identity Foundation (Dev – Pro).
Protocols supported by Windows Identity Foundation (WIF):
The SAML-P protocol is not supported by WIF. SAML 1.1 and SAML 2.0 tokens can be used with WIF (see Claims Extracted by Windows Identity Foundation from Different Token Types). SharePoint 2010 claims authentication uses WIF and thus does not support the SAML-P protocol either. ADFS 2.0 is a Microsoft product that supports the SAML-P protocol. Use ADFS v2.0 to allow SAML 2.0 based federation for SharePoint 2010; here is how – Configuring SharePoint 2010 and ADFS v2 End to End.
A good overview of both ADFS 2.0 and WIF – Security Talk: Azure Federated Identity Security Using ADFS 2.0. Another good overview, covering Azure AppFabric Access Control Service (ACS) and ADFS 2.0 integration, is here – Access Control Service & ADFS v2.0 Integration.
Third parties offer SAML federation capabilities that extend WIF, such as Safewhere’s SAML 2.0 for Windows Identity Foundation and Componentsoft’s ASP.NET SAML Component – SAML 1.1 & SAML 2 for C#, VB.NET & ASP.NE
A case study of how Microsoft IT used WIF and ADFS to provide federation with third parties – MSIT Showcase Enhancing Federation Services for Internal and External Partners.
- Windows Identity Foundation (WIF) By Example Part I – How To Get Started.
- Windows Identity Foundation (WIF) By Example Part II – How To Migrate Existing ASP.NET Web Application To Claims Aware
- Windows Identity Foundation (WIF) By Example Part III – How To Implement Claims Based Authorization For ASP.NET Application
- Identity Developer Training Kit
- A Guide to Claims-Based Identity and Access Control – Code Samples
- A Guide to Claims-Based Identity and Access Control — Book Download