SAML 2.0 tokens and WIF – bridging the divide

Background: We all know the following limitations about Windows Identity Foundation (WIF) and passive (browser) federation protocols, right? WIF does not support SAML2.0 protocol (SAML2P). There is a WIF extension out there to support SAML2P but it is a technology preview. WIF does support SAML2.0 (SAML2) tokens. WS-Federation conveys SAML1.1 tokens. Therefore, unless you use…


The Windows Identity Foundation Configuration Editor

As a little exercise to teach myself WPF (argue amongst yourselves about how successful I was on that point; feedback most welcome) I have written a tool called the Windows Identity Foundation (WIF) Configuration Editor. Its purpose is to exercise complete control over the <microsoft.identityModel> config section within app.config and web.config files, for applications secured…


U-Prove and why U should care

Privacy and minimal disclosure of information are important aspects of any identity verification system. However, end-users are often unaware of exactly what information is being disclosed to online service providers. The U-Prove protocol has been devised to resolve these problems by putting into the hands of the end-user the control of what information is passed…


Windows Identity Foundation 101’s : WS-Federation Passive Requestor Profile (part 1 of 2)

Background: It is becoming more commonplace for the means of authenticating a user to be externalized away from the content provider. In federation parlance the content provider is known as the Relying Party (RP) and is so named because it is reliant upon an external entity for authentication, that entity being known as the Identity…