WCF service consuming passively issued SAML token

What is the best way to transfer an existing SAML token from a website that has already authenticated through passive STS?

We created an identity provider that issued passive claims on a website for authentication. It works for us. Now we would like to add some WCF services to the mix - call them from the context of a validated web application. Ideally, we would just like to transfer the SAML token without doing anything with it (i.e., adding new requirements / re-signing). All the examples I've seen require ActAs sts implementation - but is it really necessary? It seems a little bloated for what we want to achieve.

I would think that a simple implementation that passes the bootstrap token to the channel (using the CreateChannelActingAs or CreateChannelWithIssuedToken mechanism, and setting ChannelFactory.Credentials.SupportInteractive = false) to call the WCF service with the correct binding (what would it be?) would be enough.

We use the Fabrikam sample code as a reference, but, as I said, I think that the ActAs function is overflowing with what we are trying to achieve.

+3
1 answer

. WIF Identity Training Toolkit, IssuedTokenHeader, ( ClaimsIdentitySessionManager). Silverlight, .

ClaimsIdentitySessionManager.

// Attach the cached issued (SAML) token as a WS-Security header on the outgoing call.
// contextChannel is the IContextChannel of the service proxy; serviceAppliesTo is the
// AppliesTo / audience URI under which the token for this service was cached.
using (OperationContextScope scope = new OperationContextScope(contextChannel))
{
   IssuedTokenHeader header = new IssuedTokenHeader(this.TokenCache.GetTokenFromCache(serviceAppliesTo));
   OperationContext.Current.OutgoingMessageHeaders.Add(header);
   asyncOperation();   // the actual service call, made while the header scope is active
}
+1
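As an added example (not code from the question, the answer or the Identity Training Kit), this is the "bootstrap token straight into the channel" approach the question sketches, using the WIF 3.5 (Microsoft.IdentityModel) ChannelFactory extensions. IOrderService, serviceAddress and the bearer-key binding settings are assumptions; the token is replayed unchanged, so the service must already trust the same STS and list the token's audience URI, and the token's own lifetime bounds the call.

```csharp
using System;
using System.IdentityModel.Tokens;
using System.ServiceModel;
using System.Threading;
using Microsoft.IdentityModel.Claims;
using Microsoft.IdentityModel.Protocols.WSTrust;

// Hypothetical contract of the downstream WCF service.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string GetOrderStatus(int orderId);
}

public static class BootstrapTokenCaller
{
    public static string CallWithBootstrapToken(string serviceAddress, int orderId)
    {
        // The passively issued SAML token is only retained on the identity when
        // saveBootstrapTokens="true" is set under <microsoft.identityModel> in web.config.
        var identity = Thread.CurrentPrincipal.Identity as IClaimsIdentity;
        SecurityToken bootstrapToken = identity != null ? identity.BootstrapToken : null;
        if (bootstrapToken == null)
            throw new InvalidOperationException(
                "No bootstrap token on the current identity; check saveBootstrapTokens.");

        // Federation binding: TLS on the wire, the SAML token as the message credential.
        // Passive tokens are typically bearer tokens (no proof key), hence BearerKey and
        // no secure-conversation session on top (assumed settings, adjust to the service).
        var binding = new WS2007FederationHttpBinding(
            WSFederationHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.IssuedKeyType = SecurityKeyType.BearerKey;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new ChannelFactory<IOrderService>(binding, new EndpointAddress(serviceAddress));
        factory.Credentials.SupportInteractive = false;   // never prompt for credentials server-side
        factory.ConfigureChannelFactory();                 // WIF: plug in its token handlers

        // No ActAs round trip: the existing token is presented as-is to the service.
        IOrderService channel = factory.CreateChannelWithIssuedToken(bootstrapToken);
        var client = (IClientChannel)channel;
        try
        {
            string status = channel.GetOrderStatus(orderId);
            client.Close();
            return status;
        }
        catch
        {
            client.Abort();
            throw;
        }
    }
}
```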

Source: https://habr.com/ru/post/1746351/
