0

I have a scenario where a Web Application needs to authenticate user using an IDP that sends SAML 2.0. To be specific SiteMinder. I was told they will send me SAML 2.0 assertions.

Being completely new to this I researched and got an fair amount of idea of what it is , Also this link that I refereed says STS can play two roles (as identity providers (IdP) when they authenticate users or as federation providers (FP) when they sit in the middle of a trust chain and act as "relying parties" for other IdPs) this brings me to a conclusion I can only use ADFS.

I also saw this nice project along with other information in their web site, http://thinktecture.github.io/ which allowed me to successfully get up and running a Claims based App and cleared many concepts. I am not sure if I need to use Identity Server as STS

Now with all these I am left with these question,

  1. To support a IDP that does SAML 2.0 , do I need to write a STS (May be use Identity Server V2 from thinktecture ?) that sits between IDP and my APP.

  2. I also see people saying use ADFS that support SAML and talk to ADFS.

  3. I already started exploring ComponentSource they have SAML Lib.

Please Advice.

Community
  • 1
  • 1
Kusek
  • 5,384
  • 2
  • 25
  • 49

1 Answers1

0

  1. To support a IDP that does SAML 2.0 , do I need to write a STS (May be use Identity Server V2 from thinktecture ?) that sits between IDP and my APP.

    You could write a protocol translator STS that sits between your app and the IdP that talks SAML protocol. But you cannot use the Identity Server V2 from thinktecture because that only supports WIF (so no SAML Protocol). There is a WIF extensons for SAMLP but that remained in CTP stage since 2011... To implement the protocol translator you could use ComponentSource SAML 2 lib.

  2. I also see people saying use ADFS that support SAML and talk to ADFS.

    I think you can use ADFS as protocol translator where it would talk WS-Federation to your app (WIF) and SAML to the IdP.

  3. I already started exploring ComponentSource they have SAML Lib.

    This is a very good library I used in the past to SAMLP enable my web app. By the way this is also a possibility to implement SAMLP support in your app. But personally I would go with the protocol trabslator STS. It's cleaner and concerns remain separate. You can find a sample here: http://blogs.msdn.com/b/bradleycotier/archive/2012/10/28/saml-2-0-tokens-and-wif-bridging-the-divide.aspx

Cheers!

Voicu
  • 38
  • 4