The SAML web site is not longer accepting new posts. Information on this page is preserved for legacy purposes only. For current information on SAML, please see the OASIS Security Services Technical Committee Wiki.

SAML 2.0 and Microsoft .NET

I am a technical architect currently researching single sign on (SSO) and Microsoft .NET for one of my projects. I have been doing a lot of searching and reading on various internet sites, including yours (lots of information on the standard, by the way, which is great), to try and determine the compatibilities between SAML 2.0 and the Microsoft .NET 2.0 or higher frameworks. I have found some articles indicating that Microsoft may not support the SAML 2.0 standard, which has me very worried. Do you know of any information that you could share that would indicate how to integrate a Microsoft Windows environment with SAML 2.0 whereby I would have a .NET website, running on IIS, that requires authentication that will be supplied by an IDP via a SAML ticket? Do you know of any commercial products that work with IIS to provide SAML based interaction?

Componentspace have a SAML v2.0 tool stash that is composed in C# and focused at It incorporates illustration personality supplier and administration supplier ventures and has worked well in nature's turf. buy youtube views

The Microsoft .NET Framework is the predominant implementation of .NET technologies. Other implementations for parts of the framework exist.70-642 Although the run time engine is described by an ECMA/ISO specification, other implementations of it may be encumbered by patent issues ISO standards may include Windows 7 the disclaimer, "Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights.70-431

Developers can also make their .NET applications identity-aware with Microsoft Windows Identity Foundation (WIF). WIF provides the underlying framework of the Microsoft claims-based Identity Model. Implemented in the Microsoft .NET Framework, apps developed with WIF present authentication schema, such as identification attributes, roles, groups and policies, along with a means of managing those claims. Applications built by enterprise developers and ISVs based on WIF will also be able to accept these claims.

info that you could portion that would show how to incorporate a Microsoft Windows environment with SAML 2.0 whereby I would make a .NET website MCSE dumps

Microsoft supports SAML 2.0 in Geneva which currently is in beta.

Denmark has an open source (MPL 1.1. license) .Net toolkit supporting our OIOSAML 2.0 profile which is almost identical to the Liberty SAML 2.0 eGov profile. It requires Net 3.0 or higher - and includes a sample app integrating with IIS - You can get the code from here:

Thx, Søren P

IT-Infrastructure and Implementationa Division 

Danish National IT and Telecom Agency

ComponentSpace have a SAML v2.0 toolkit that's written in C# and targeted at ASP.NET. It includes example identity provider and service provider ASP.NET projects and has worked well in our environment.


PingFederate, Ping Identity's commercial SAML product, is written primarily in Java but has a number of integration offerings for .NET and IIS.

To my knowledge, Microsoft has no native support for SAML protocols of any version in any of their code. I think they have some kind of support for assertions (at least 1.x, maybe 2.0 in the newer stuff).

Plenty of SAML implementations work on Windows and/or IIS, at both the toolkit level and the macro-level, operating in the web server.

Speaking personally, the Shibboleth SP software works fine on IIS.

-- Scott

Thanks for the information guys....I've had a look at both suggested alternatives, and off the top it looks like the Shibboleth product supports SAML 1.1, so pingfederate might be a better option....


As I have typically worked in a Windows or Netegrity authentication environment, I know that they implement ISAPI filters in IIS to control access to my applications, including the detection of login tokens, redirections to login pages, and population of user characteristics, such that my application simply needs to read the characteristics from the appropriate location.  Do you know if the software products mentioned above work in a similar way, or would my application be responsible for implementing that logic to detect, redirect, send SAML requests and parse SAML responses?  In your experiences, what is the typical paradigm for IIS/Windows and SAML integration?



Shibboleth's recent RC1 release is SAML 2.0 as well as the older support. Final release is imminent.

To answer your question, Shibboleth at least has a "no application API" approach to prevent applications from locking themselves into using it instead of a more generic design that works with any well-designed SSO package.

You get your data in headers or environment variables, not by writing custom code. You definitely don't process the SAML yourself, no.

-- Scott Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I