If I had a dollar for every time a customer or partner asked me if they could use WIF for consuming the SAML 2.0 protocol… ok, I would not exactly buy a villa in Portofino, but let’s just say that this is one of the most requested features since WIF came out.
Well, dear .NET developers, rejoice: you no longer need to envy your friend the ADFS2 administrator. From now on you are gifted the ability to use ASP.NET for writing SAML-P SP-Lite compliant relying parties, which in fact I should probably call service providers just to add some local color.
At its core, what makes those extensions tick is the Saml2AuthenticationModule, which looks very similar (i.e. raises ~the same events, etc.) to the WSFederationAuthenticationModule and is in fact inserted in the pipeline more or less in the same way. The module lives in the assembly Microsoft.IdentityModel.Protocols.dll, together with the (lots of) classes it needs to implement the details of the SAML protocol.
The programming model may be similar, as one would expect, but of course the extensions implement features that are paradigmatically SAML-P. Examples? POST, Redirect and Artifact bindings; SP-initiated and (can you believe that?) IP-initiated SSO and SLO (single log out).
The package contains various other goodies: a good set of Cassini-based samples, and documentation that will get you started and help you use ADFS2 as the IP instead of the sample IP provided in the package. But my favourite is definitely the SamlConfigTool: it is a slightly more raw counterpart of fedutil/Add STS Reference, which can consume metadata from one IP and generate the corresponding SP config settings. And just like fedutil, it can generate the SP metadata so that the IP can easily consume it for automating the SP provisioning as well.
The WIF Extensions for SAML 2.0 Protocol unlock some new, interesting scenarios; and of course, this being a CTP, the WIF team really wants your feedback. If you play with the extensions, please take a moment to chime in and let us know what you think!