Announcing the WIF Extension for SAML 2.0 Protocol Community Technology Preview!


It is our pleasure to announce the availability of the first CTP release of the WIF (Windows Identity Foundation) Extension for the SAML 2.0 Protocol! We heard your feedback about the need for SAML 2.0 protocol support in WIF. Today, we announce an extension to WIF that delivers on that feedback.

This WIF extension allows .NET developers to easily create claims-based SP-Lite compliant Service Provider applications that use SAML 2.0 conformant identity providers such as AD FS 2.0.

This CTP release includes a set of samples that illustrate how to use the extension. You can download the package that includes the WIF Extension for SAML 2.0 Protocol and samples from here.

Key features of this extension include:

  • Service Provider initiated and Identity Provider initiated Web Single Sign-on (SSO) and Single Logout (SLO)
  • Support for the Redirect, POST, and Artifact bindings
  • All of the necessary components to create an SP-Lite compliant service provider application

We’ll be looking for your questions, comments, and other feedback on the claims-based identity forum here. Watch this blog for future posts about the roadmap of this WIF extension.

Happy coding!

The WIF Team

Comments (36)

  1. Anonymous says:

    Finally! This makes me so happy!

    http://www.idmcrisis.com/…/Finally!!!-SAML2-for-WIF.aspx

  2. Anonymous says:

    Does this also mean that for SharePoint 2010, we no longer need an ADFSv2 box for protocol transition?

  3. Anonymous says:

    ID4338: SAML Message has wrong signature

  4. Anonymous says:

    Where can I find code samples for this? Specifically, for processing the SAML request from the IdP by the Service Provider.

  5. Anonymous says:

    This is great news! We were stuck with WS-Federation 1.1 (2005 version) with our vendor who had a Shibboleth-enabled JSP application as RP. This SAML extension is right in time. I am going to try and post my comments.

  6. Anonymous says:

    So, with this extension we can create only the SP application? Not a SAML 2.0 compliant STS?

  7. Anonymous says:

    I was getting the SAML message has wrong signature until I noticed that some of the projects were targeting the .NET 3.5 framework and some were targeting .NET 4.0. Once they were all 4.0, it ran successfully.

  8. Anonymous says:

    Hello WIF Team,

    Could you provide some roadmap, when you plan to release WIF Extensions for OAuth?

    Because it is published with a pre-release license, which prevents us from using it in production.

  9. Anonymous says:

    I have been using the extension since day 1, and while generally it has worked well, I find one major issue: that of being able to have certs outside of the XML file. We need to be FIPS compliant, which means the XML or even the same machine will not fly. I have replaced the ServiceTokenResolver (through the service configuration) and that works. The issue is with IdP-initiated logout or SP-initiated login. In both cases the module tries to get the cert (of which there is none in the config) and fails. While I have been able to take care of that for the SP-initiated login by creating my own method, I cannot do that in the IdP-initiated logout. In that case the logout request is handled properly and a logout response is trying to be sent; however, there is no cert associated and there is no way to hook into this. The issue arises from the message decoder (which is unfortunately a private member with no accessor, _messageDecorator in the saml2authentication module). The value for this decoder is only created once, in the constructor, where the cert is read from the config file. Thus, if there is nothing in the config, it does not work, no matter what you do with the servicetokenresolver. Any way of getting this fixed?

    Thank you

  10. Anonymous says:

    Regarding the document "AD FS 2.0 as the SAML 2.0 Identity Provider for the Service Provider Sample".

    Step 1: Using the SamlConfigTool

    Enter your entity ID

    The example entry from the program is contoso.com — indicating the domain of the IdP.

    But the example entry in this document is https://myIISserver/ServiceProvider

    Which is correct?

  11. Any news when this might be available as part of Azure ACS v2?

    Sincerely,

    Adam

  12. Anonymous says:

    We are trying to use this extension in our application. This works fine if we use a web app, but we have a problem when we put our web app in an Azure Web Role; apparently it can’t redirect to our default page in the Azure emulator. Any help will be very much appreciated.

  13. Anonymous says:

    Can this CTP version be deployed to production? Would there be an RTM version later? If so, when do you plan on releasing the RTM version?

  14. Anonymous says:

    Can the current WIF SDK be used to create a RP application that receives SAMLv2 tokens?

    The IdP/STS is most likely an OpenAM server. The RP is an ASP.NET MVC3 project.

  15. Anonymous says:

    It looks like this extension does not work on Windows Server 2008 R2 64-bit (WIF runtime 64-bit), the Saml2AuthenticationModule module does not seem to intercept the virtual path /saml/, however, everything works fine under Win2k8 32-bit (WIF 32-bit runtime)

  16. Anonymous says:

    We are having the same problem. This seems to work great against IIS Express, but the Saml2AuthenticationModule fails to intercept responses from the IdP when run in the azure compute emulator. Http POST to /ServiceProvider/saml/post/ac is resulting in a 404.

  17. Anonymous says:

    When will the release version of this be available?  Or at least a go-live license?

  18. Anonymous says:

    Can anyone tell me whether this extension works for IIS6? I tried on IIS7 and it works great!

    It is failing on IIS6. Please advise.

  19. Anonymous says:

    OK guys, it has been 10 months.  Is this live yet?

  20. Pop.Catalin says:

    Helooo, Echooo, Echoooooo, Echoooooooo?

    Any news yet? It's been a long time since last update. Specifically when will this RTM?

  21. Anonymous says:

    Tomorrow will mark the 1 year mark since the CTP release. Can we PLEASE have a final so we can move forward? Please? Give us an ADFS Roadmap while you are at it. 🙂

  22. Anonymous says:

    When will you roll out the WIF Extension for SAML v2.0 RTM?

  23. Anonymous says:

    When will we have the WIF Extension for SAML v2.0 RTM? We need dates, please!!

  24. Anonymous says:

    I'm wondering as well when the RTM will be released.

    Can someone please make a statement here?

  25. Anonymous says:

    Today it is exactly one year since the CTP Release. What about a final?

  26. Anonymous says:

    Is this extension dead? The lack of communication about a release plan seems to indicate it is. Does anyone have up-to-date information on this?

  27. Anonymous says:

    I'm required to build a SAML 2.0 endpoint to my production STS. Can I count on this extension soon?

  28. A guy just jumped out of space and Microsoft still doesn't have full SAML 2.0 protocol support. Will we ever get support for http://www.w3.org/…/xml-exc-c14n

  29. Anonymous says:

    Is the RTM version available now? Please let us know.

  30. Anonymous says:

    A workaround on IIS6 for the issue related to … 'Idp Http POST to /ServiceProvider/saml/post/ac is resulting in a 404'.

    1) Make sure IIS 6 is configured to handle the .ashx extension

    2) Create an empty file with the .ashx extension (e.g. a.ashx) in the root folder of the SP.

    3) Modify all five binding endpoints found in local.serviceprovider.xml to include the file created in step 2 (i.e. a.ashx) as part of the path, e.g. http://localhost:6004/ServiceProvider/a.ashx/saml/post/ac

    That's it.

    Workaround post by Dave Bacher @ social.msdn.microsoft.com/…/c40d6f52-ea02-4941-9c5c-308e0d5aaa08

  31. Anonymous says:

    Any updates on when the RC version will be available?

  32. Anonymous says:

    Microsoft, please respond… Is this project dead?

  33. Anonymous says:

    This download link is not working. Can someone fix it please.

  34. Anonymous says:

    Is the SAML2-P now released or not? Very unclear. Go JAVA :-).

  35. Anonymous says:

    Please note that the Safewhere SAML2 for WIF component is still available and going strong:

    safewhere.com/…/saml-2-for-wif

    In addition to the WIF support, in general, the Safewhere Identify Platform is designed to add value to the Microsoft solution stack in areas such as federation integration of social media and national identities.  

  36. Anonymous says:

    I'm sad that this seems dead. Not having saml2-p integrated in .net is a huge PIA.