Windows Identity Foundation does not officially support SAML 2.0; use WIF CTP or stick to SAML 1.1?

We would like to use SAML 2.0 for a Single Sign-On solution. As a typical Microsoft shop, we prefer to use Microsoft components as much as possible. Windows Identity Foundation supports SAML 2.0, but the extension has been in Community Technology Preview (CTP) for over a year, without any information about its future. See http://blogs.msdn.com/b/alikl/archive/2011/05/16/windows-identity-foundation-wif-extension-for-saml-2-0-protocol-community-technology-preview-ctp.aspx

I came across an inspiring article by Michele Bustamante: http://www.devproconnections.com/article/federated-security/generate-saml-tokens-using-windows-identity-foundation She is actively promoting WIF + SAML 2.0, but nowhere in this article does she talk about the CTP or a final release; I also could not contact her for clarification.

Against this background, is it possible to use the WIF Community Technology Preview for SAML 2.0, or should we stick to SAML 1.1? Does SAML 2.0 have a significant advantage over SAML 1.1? Is the future of SAML 1.1 in question?

Any other alternatives?

+6
2 answers

You should clarify whether you are talking about the SAML 2.0 protocol (i.e. SAMLP) or just about SAML tokens. WIF RTM supports SAML 2.0 tokens, but not SAMLP.

So, if you only need support for SAML 2.0 tokens, WIF RTM is required, although the WIF CTP extensions do add SAMLP support.

If you are looking for a SAMLP solution and you are a Microsoft shop, you should consider ADFS 2.0.

ADFS 2.0 will perform a "protocol transition": it will talk SAMLP with the identity provider and WS-Federation with your application (both use SAML tokens). WIF supports WS-Federation.

+4
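As an added example (not from this post, and not code from WIF or ADFS), a small Python classifier that makes the token-versus-protocol distinction above concrete: it reports whether an incoming message is a SAMLP Response, a WS-Trust RequestSecurityTokenResponse of the kind WS-Federation carries in `wresult`, or a bare assertion, and which SAML token version it contains. The namespaces are the OASIS ones; the three sample messages are constructed skeletons without signatures, and `wif_rtm_can_consume` encodes only the rule stated in the answer.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the OASIS SAML and WS-Trust specifications.
SAML11_ASSERTION = "urn:oasis:names:tc:SAML:1.0:assertion"  # SAML 1.0 and 1.1 share it
SAML11_PROTOCOL = "urn:oasis:names:tc:SAML:1.0:protocol"
SAML2_ASSERTION = "urn:oasis:names:tc:SAML:2.0:assertion"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
WS_TRUST = {"http://docs.oasis-open.org/ws-sx/ws-trust/200512",   # WS-Trust 1.3
            "http://schemas.xmlsoap.org/ws/2005/02/trust"}        # WS-Trust Feb 2005

def split_qname(tag):
    """Split an ElementTree tag '{ns}local' into (ns, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def classify(xml_text):
    """Return (protocol, token_version): protocol is 'SAMLP', 'WS-Federation'
    or 'none' (bare token); token_version is '1.1', '2.0' or None."""
    root = ET.fromstring(xml_text)
    ns, local = split_qname(root.tag)
    if ns in (SAML2_PROTOCOL, SAML11_PROTOCOL) and local == "Response":
        protocol = "SAMLP"
    elif ns in WS_TRUST and local.startswith("RequestSecurityTokenResponse"):
        protocol = "WS-Federation"
    else:
        protocol = "none"
    token = None
    for el in root.iter():                      # first Assertion anywhere in the tree
        ens, elocal = split_qname(el.tag)
        if elocal == "Assertion" and ens == SAML2_ASSERTION:
            token = "2.0"
            break
        if elocal == "Assertion" and ens == SAML11_ASSERTION:
            token = "1." + el.get("MinorVersion", "0")   # SAML 1.1 sets MinorVersion="1"
            break
    return protocol, token

def wif_rtm_can_consume(protocol, token):
    """Rule from the answer: WIF RTM handles SAML 1.1/2.0 *tokens* (e.g. over
    WS-Federation) but not the SAMLP protocol itself."""
    return protocol != "SAMLP" and token in ("1.1", "2.0")

# Constructed, unsigned sample messages (shape only, not real IdP output).
SAMLP_RESPONSE = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" Version="2.0">'
                  '<saml:Assertion ID="_a1" Version="2.0"/></samlp:Response>'
                  % (SAML2_PROTOCOL, SAML2_ASSERTION))
WSFED_RSTR = ('<t:RequestSecurityTokenResponse xmlns:t="%s"><t:RequestedSecurityToken>'
              '<saml:Assertion xmlns:saml="%s" ID="_a2" Version="2.0"/>'
              '</t:RequestedSecurityToken></t:RequestSecurityTokenResponse>'
              % ("http://docs.oasis-open.org/ws-sx/ws-trust/200512", SAML2_ASSERTION))
SAML11_TOKEN = ('<saml:Assertion xmlns:saml="%s" AssertionID="_a3" '
                'MajorVersion="1" MinorVersion="1"/>' % SAML11_ASSERTION)
```

The WS-Federation case shows the same SAML 2.0 assertion that SAMLP would carry, which is exactly what ADFS's protocol transition hands to a WIF application.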

See Identity Server, which is an STS that uses SQL Server for authentication. You can easily combine this with ADFS.

From what I remember of reading the license agreement for the CTP release, it is for evaluation only; you cannot use it, for example, in a production environment.

According to @Eugenio, WIF only supports WS-Federation.

How did you intend to "stick with SAML 1.1"?

Update: I suggest you use Identity Server for database authentication. Your WIF applications are linked to Identity Server using FedUtil. Then you combine Identity Server with ADFS. Your external parties use SAML to communicate with ADFS, and ADFS will handle the plumbing so that they can authenticate against the Identity Server database.

Please note that WIF does not support SAML at all.

+2

Source: https://habr.com/ru/post/919739/
