SAML 2.0 and Microsoft .NET

I am a technical architect currently researching single sign on (SSO) and Microsoft .NET for one of my projects. I have been doing a lot of searching and reading on various internet sites, including yours (lots of information on the standard, by the way, which is great), to try and determine the compatibilities between SAML 2.0 and the Microsoft .NET 2.0 or higher frameworks. I have found some articles indicating that Microsoft may not support the SAML 2.0 standard, which has me very worried. Do you know of any information that you could share that would indicate how to integrate a Microsoft Windows environment with SAML 2.0 whereby I would have a .NET website, running on IIS, that requires authentication that will be supplied by an IDP via a SAML ticket? Do you know of any commercial products that work with IIS to provide SAML based interaction?
Thanks.

PingFederate, Ping Identity's commercial SAML product, is written primarily in Java but has a number of integration offerings for .NET and IIS.

http://www.pingidentity.com/products/pingfederate.cfm

To my knowledge, Microsoft has no native support for SAML protocols of any version in any of their code. I think they have some kind of support for assertions (at least 1.x, maybe 2.0 in the newer stuff).

Plenty of SAML implementations work on Windows and/or IIS, at both the toolkit level and the macro-level, operating in the web server.

Speaking personally, the Shibboleth SP software works fine on IIS.

-- Scott

Thanks for the information guys... I've had a look at both suggested alternatives, and off the top it looks like the Shibboleth product supports SAML 1.1, so PingFederate might be a better option...


As I have typically worked in a Windows or Netegrity authentication environment, I know that they implement ISAPI filters in IIS to control access to my applications, including the detection of login tokens, redirections to login pages, and population of user characteristics, such that my application simply needs to read the characteristics from the appropriate location. Do you know if the software products mentioned above work in a similar way, or would my application be responsible for implementing that logic to detect, redirect, send SAML requests and parse SAML responses? In your experiences, what is the typical paradigm for IIS/Windows and SAML integration?


Thanks

Shibboleth's recent RC1 release is SAML 2.0 as well as the older support. Final release is imminent.

To answer your question, Shibboleth at least has a "no application API" approach to prevent applications from locking themselves into using it instead of a more generic design that works with any well-designed SSO package.

You get your data in headers or environment variables, not by writing custom code. You definitely don't process the SAML yourself, no.

-- Scott