SAML 2.0 tokens and WIF – bridging the divide

Background

We all know the following limitations about Windows Identity Foundation (WIF) and passive (browser) federation protocols, right?

- WIF does not support the SAML 2.0 protocol (SAML2P)
- There is a WIF extension out there to support SAML2P, but it is a technology preview
- WIF does support SAML 2.0 (SAML2) tokens
- WS-Federation conveys SAML 1.1 tokens

Therefore, unless you use…


Claims to Windows Token Service keeps entering disabled state

On a recent project I was tasked with securing an ASP.NET MVC site using ADFS. There was also a requirement to flow the end-user identity down through the various tiers, necessitating the use of Kerberos Constrained Delegation (KCD). In order to achieve KCD, the SAML assertion returned from ADFS must first be converted to a…


Write a custom security token and handler in Windows Identity Foundation

In this article I will demonstrate how to write a token handler for a custom token in Windows Identity Foundation (WIF). The likely circumstances for requiring a new token type are:

- The token type is pre-existing and needs to be federated
- The new token type is an extension to a token type already supported by…


Handling optional claims with the ADFS Claims Rule Language

It is a perfectly normal scenario for claims to be optional in a token. For example, a SAML assertion may contain the mandatory claims:

- http://www.contoso.com/claims/givenname
- http://www.contoso.com/claims/surname

and optionally the claim:

- http://www.contoso.com/claims/dateofbirth

The ADFS Claims Rule Language is designed to allow claims from incoming tokens to be used to query data stores for additional claims. At…


Mutual authentication with an IIS hosted WCF data service installed in a workgroup environment

This post covers the steps required to secure communication between a WCF client and a WCF data service using mutual certificate authentication. The client/service topology is depicted below:

Both the client and server run on a Windows Server 2008 R2 virtual machine with Windows SDK 7.1, Visual Studio 2010, SQL Server Express 2008 R2 and…


Windows Azure toolkit for Windows Phone 7

Hi all, I am having great fun playing with this toolkit to see how WP7 apps can be properly secured using the Azure Access Control Service (ACS). I hit a couple of problems while trying to create a new ‘Windows Phone Cloud Application’ project in Visual Studio though, at the following screen:

1) Make sure the ACS namespace is…