Announcing the WIF Extension for SAML 2.0 Protocol Community Technology Preview!

It is our pleasure to announce the availability of the first CTP release of the WIF (Windows Identity Foundation) Extension for the SAML 2.0 Protocol! We heard your feedback about the necessity to have support for the SAML 2.0 protocol in WIF. Today, we announce an extension to WIF that delivers on that feedback.

This WIF extension allows .NET developers to easily create claims-based SP-Lite compliant Service Provider applications that use SAML 2.0 conformant identity providers such as AD FS 2.0.

This CTP release includes a set of samples that illustrate how to use the extension. You can download the package that includes the WIF Extension for SAML 2.0 Protocol and samples from here.

Key features of this extension include:

  • Service Provider initiated and Identity Provider initiated Web Single Sign-on (SSO) and Single Logout (SLO)
  • Support for the Redirect, POST, and Artifact bindings
  • All of the necessary components to create an SP-Lite compliant service provider application

We’ll be looking for your questions, comments, and other feedback on the claims based identity forum here. Watch this blog for future posts about the roadmap of this WIF extension.

Happy coding!

The WIF Team

Comments (36)

  1. Henrik Nilsson says:

    Finally! This makes me so happy! …/Finally!!!-SAML2-for-WIF.aspx

  2. Paul Loonen says:

    Does this also mean that for SharePoint 2010, we no longer need an ADFSv2 box for protocol transition?

  3. any Clue says:

    ID4338: SAML Message has wrong signature

  4. Lee says:

    Where can I find code samples for this? Specifically, for processing the SAML request from the IdP by the Service Provider.

  5. SK says:

    This is great news! We were stuck with WS-Federation 1.1 (2005 version) with our vendor who had a Shibboleth-enabled JSP application as RP. This SAML extension is right in time. I am going to try and post my comments.

  6. SK says:

    So, with this extension we can create only the SP application? Not a SAML 2.0 compliant STS?

  7. George Wallace says:

    I was getting the "SAML message has wrong signature" error until I noticed that some of the projects were targeting the .NET 3.5 framework and some were targeting .NET 4.0. Once they were all 4.0, it ran successfully.

  8. Petro Sasnyk says:

    Hello WIF Team,

    Could you provide some roadmap, when you plan to release WIF Extensions for OAuth?

    Because it is published with a Pre-release license, which prevents us from using it in production.

  9. Atef Abdou says:

    I have been using the extension since day 1 and while generally it has worked well, I find one major issue: that of being able to have certs outside of the XML file. We need to be FIPS compliant, which means the XML or even the same machine will not fly. I have replaced the ServiceTokenResolver (through the service configuration) and that works. The issue is with IdP-initiated logout or SP-initiated login. In both cases the module tries to get the cert (of which there is none from the config) and fails. While I have been able to take care of that for the SP-initiated login by creating my own method, I cannot do that in the IdP-initiated logout. In that case the logout request is handled properly and a logout response is trying to be sent, however there is no cert associated and there is no way to hook into this. The issue arises from the message decoder (which is unfortunately a private member with no accessor, _messageDecorator in the Saml2AuthenticationModule); the value for this decoder is only created once, in the constructor, where the cert is read from the config file. Thus if there is nothing in the config it does not work, no matter what you do with the ServiceTokenResolver. Is there any way of getting this fixed?

    Thank you

  10. John Bailo says:

    Regarding the document "AD FS 2.0 as the SAML 2.0 Identity Provider for the Service Provider Sample".

    Step 1: Using the SamlConfigTool

    Enter your entity ID

    The example entry from the program is — indicating the domain of the Idp.

    But the example entry in this document is https://myIISserver/ServiceProvider

    Which is correct?

  11. Any news when this might be available as part of Azure ACS v2?



  12. Luis Carrión says:

    We are trying to use this extension in our application. This works fine if we use a web app, but we have a problem when we put our web app in an Azure Web Role; apparently it can’t redirect to our default page in the Azure emulator. Any help will be very appreciated.

  13. Sree Yadavalli says:

    Can this CTP version be deployed to production? Would there be an RTM version later? If so, when do you plan on releasing the RTM version?

  14. Qi Ning says:

    Can the current WIF SDK be used to create an RP application that receives SAMLv2 tokens?

    The IdP/STS is most likely an OpenAM server. The RP is an ASP.NET MVC3 project.

  15. Alex says:

    It looks like this extension does not work on Windows Server 2008 R2 64-bit (WIF runtime 64-bit); the Saml2AuthenticationModule module does not seem to intercept the virtual path /saml/. However, everything works fine under Win2k8 32-bit (WIF 32-bit runtime).

  16. Dan says:

    We are having the same problem. This seems to work great against IIS Express, but the Saml2AuthenticationModule fails to intercept responses from the IdP when run in the Azure compute emulator. HTTP POST to /ServiceProvider/saml/post/ac is resulting in a 404.

  17. Erik says:

    When will the release version of this be available?  Or at least a go-live license?

  18. Viswanath Chirravuri says:

    Can anyone tell me whether this extension works for IIS6? I tried on IIS7 and it works great!

    It is failing on IIS6. Please advise.

  19. Brian says:

    OK guys, it has been 10 months.  Is this live yet?

  20. Pop.Catalin says:

    Helooo, Echooo, Echoooooo, Echoooooooo?

    Any news yet? It's been a long time since last update. Specifically when will this RTM?

  21. Troy Helms says:

    Tomorrow will mark the 1 year mark since the CTP release. Can we PLEASE have a final so we can move forward? Please? Give us an ADFS Roadmap while you are at it. 🙂

  22. David says:

    When will you roll out the WIF Extension for SAML v2.0 RTM?

  23. Gonzalo says:

    When will we have the WIF Extension for SAML v2.0 RTM? We need dates, please!!

  24. Job Vermeulen says:

    I'm wondering as well when the RTM will be released.

    Can someone please make a statement here?

  25. Pow-Lee says:

    Today it is exactly one year since the CTP Release. What about a final?

  26. William Fowler says:

    Is this extension dead? The lack of communication about a release plan seems to indicate it is. Does anyone have up-to-date information on this?

  27. Job Vermeulen says:

    I'm required to build a SAML 2.0 endpoint to my production STS. Can I count on this extension soon?

  28. A guy just jumped out of space and Microsoft still doesn't have full SAML 2.0 protocol support. Will we ever get support for…/xml-exc-c14n

  29. Phanindra says:

    Is the RTM version available now? Please let us know.

  30. fcschow says:

    A workaround on IIS6 for the issue related to … 'IdP HTTP POST to /ServiceProvider/saml/post/ac is resulting in a 404'.

    1) Make sure IIS 6 is configured to handle the .ashx extension

    2) Create an empty file with the .ashx extension (e.g. a.ashx) in the root folder of the SP.

    3) Modify all the five binding endpoints found in local.serviceprovider.xml to include the file created in step 2 (i.e. a.ashx) as part of the path, e.g. http://localhost:6004/ServiceProvider/a.ashx/saml/post/ac

    That's it.

    Workaround post by Dave Bacher @…/c40d6f52-ea02-4941-9c5c-308e0d5aaa08

  31. Jigar says:

    Any updates on when the RC version will be available?

  32. masken says:

    Microsoft, please respond… Is this project dead?

  33. Kanchan says:

    This download link is not working. Can someone fix it, please?

  34. J. says:

    Is the SAML2-P now released or not? Very unclear. Go JAVA :-).

  35. Lars Nielsen says:

    Please note that the Safewhere SAML2 for WIF component is still available and going strong: …/saml-2-for-wif

    In addition to the WIF support, in general, the Safewhere Identify Platform is designed to add value to the Microsoft solution stack in areas such as federation integration of social media and national identities.

  36. S. says:

    I'm sad that this seems dead. Not having SAML2-P integrated in .NET is a huge PIA.