
SAML and .NET 4.5

I have an IDP that I need to integrate my application with. In the past I was able to easily set up an IDP using the Identity and Access tool extension in VS 2012. I have set up ACS and other IDPs that use Windows Federation. But now I have a new IDP, and they do not provide me with a federated metadata XML file, which the tool needs. I am trying to figure out how to set this up. There is also one added level of complexity. I need to create an "AuthRequest". Does WIF (Windows Identity Foundation) support any of this, or will I have to do this manually? Here is my approach; please tell me if I can use any other methods:

  • Generate an AuthRequest: specify the service URL (post-back URL) in the AuthRequest, sign the XML document (provide the IDP with the public key), base64-encode it and POST it to the URL the IDP sent me (via the SAMLRequest key/value).

  • Once the user logs in at the IDP, the SAML response will be sent to the URL I specified in the AuthRequest. I will then take the SAML response (posted via the "SAMLResponse" key/value), base64-decode it, verify the digital signature (they provided me with their public key) and walk the XML data via XPath to retrieve the NameID node value. For this part I am thinking about setting up a custom HTTP handler.

  • Once I get the value, check my database to authenticate the user and, using forms authentication, create a ticket. Now the user is authenticated.

Can you suggest a better way to do this?

Thank you!
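The three steps sketched in the question, written out as an added example in C# that is not part of the original post and not WIF's own code. It assumes .NET Framework 4.5 with a reference to System.Security.dll, an SP signing certificate that carries its private key, and the IdP's signing certificate obtained out of band (the "public key they provided"). The entity IDs and URLs are placeholders; the rsa-sha256 signature method is registered out of the box only from .NET 4.6.2, so on 4.5 it must be added through CryptoConfig.AddAlgorithm first (assumed here). The receiving side does what a hand-rolled verifier most often gets wrong: it verifies against the pinned IdP certificate rather than the KeyInfo in the message, ties the signed Reference to the element it reads NameID from (signature wrapping), and checks InResponseTo, Destination, Status, Conditions and Audience before trusting the subject.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Text.RegularExpressions;
using System.Xml;

// Added example, not code from the question, the answer or WIF. Assumes .NET Framework 4.5 plus
// System.Security.dll; spCert has a private key; idpCert is the IdP signing cert received out of band.
public static class Saml2Manual
{
    const string SamlP = "urn:oasis:names:tc:SAML:2.0:protocol";
    const string Saml = "urn:oasis:names:tc:SAML:2.0:assertion";
    const string Success = "urn:oasis:names:tc:SAML:2.0:status:Success";
    const string RsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; // built in from 4.6.2 (assumption)
    static readonly TimeSpan Skew = TimeSpan.FromMinutes(2);                      // tolerated clock drift

    // Step 1: build an enveloped-signed AuthnRequest; returns the base64 value to POST as "SAMLRequest".
    // Keep requestId (e.g. in session) so the response's InResponseTo can be checked in step 2.
    public static string BuildAuthnRequest(string spEntityId, string acsUrl, string idpSsoUrl,
                                           X509Certificate2 spCert, out string requestId)
    {
        requestId = "_" + Guid.NewGuid().ToString("N");   // xs:ID may not start with a digit
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(
            "<samlp:AuthnRequest xmlns:samlp=\"" + SamlP + "\" xmlns:saml=\"" + Saml + "\"" +
            " ID=\"" + requestId + "\" Version=\"2.0\" IssueInstant=\"" + DateTime.UtcNow.ToString("o") + "\"" +
            " Destination=\"" + idpSsoUrl + "\" AssertionConsumerServiceURL=\"" + acsUrl + "\"" +
            " ProtocolBinding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\">" +
            "<saml:Issuer>" + spEntityId + "</saml:Issuer></samlp:AuthnRequest>");

        var signer = new SignedXml(doc) { SigningKey = spCert.PrivateKey };
        signer.SignedInfo.SignatureMethod = RsaSha256;
        signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
        var reference = new Reference("#" + requestId);
        reference.AddTransform(new XmlDsigEnvelopedSignatureTransform());
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signer.AddReference(reference);
        signer.KeyInfo = new KeyInfo();
        signer.KeyInfo.AddClause(new KeyInfoX509Data(spCert));   // lets the IdP match the SP's public key
        signer.ComputeSignature();
        // SAML Core 5.4.2: ds:Signature sits directly after saml:Issuer.
        doc.DocumentElement.InsertAfter(doc.ImportNode(signer.GetXml(), true), doc.DocumentElement.FirstChild);
        return Convert.ToBase64String(Encoding.UTF8.GetBytes(doc.OuterXml));
    }

    // Step 2: decode the posted "SAMLResponse", verify it against the pinned IdP certificate, and
    // return the NameID. Throws SecurityException on anything that must not be trusted.
    public static string ValidateResponseAndGetNameId(string samlResponseB64, X509Certificate2 idpCert,
                                                      string spEntityId, string acsUrl, string expectedRequestId)
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        var settings = new XmlReaderSettings { DtdProcessing = DtdProcessing.Prohibit, XmlResolver = null }; // no DTD/XXE
        string xml = Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseB64));
        using (var reader = XmlReader.Create(new StringReader(xml), settings)) doc.Load(reader);

        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("samlp", SamlP); ns.AddNamespace("saml", Saml); ns.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl);

        var root = doc.DocumentElement;
        Require(root.LocalName == "Response" && root.NamespaceURI == SamlP, "not a samlp:Response");
        Require(root.GetAttribute("Destination") == acsUrl, "Destination mismatch");
        Require(root.GetAttribute("InResponseTo") == expectedRequestId, "InResponseTo mismatch (unsolicited/replayed)");
        var status = root.SelectSingleNode("samlp:Status/samlp:StatusCode/@Value", ns);
        Require(status != null && status.Value == Success, "IdP reported failure");

        var assertions = root.SelectNodes("saml:Assertion", ns);   // direct children only
        Require(assertions.Count == 1, "expected exactly one Assertion");
        var assertion = (XmlElement)assertions[0];
        // Accept a signature on the Assertion, or a Response signature that envelops this assertion.
        var signedElement = assertion.SelectSingleNode("ds:Signature", ns) != null ? assertion : root;
        VerifyEnvelopedSignature(doc, signedElement, idpCert, ns);

        var now = DateTime.UtcNow;
        var notBefore = assertion.SelectSingleNode("saml:Conditions/@NotBefore", ns);
        var notOnOrAfter = assertion.SelectSingleNode("saml:Conditions/@NotOnOrAfter", ns);
        Require(notBefore == null || now + Skew >= XmlConvert.ToDateTime(notBefore.Value, XmlDateTimeSerializationMode.Utc), "not yet valid");
        Require(notOnOrAfter != null && now - Skew < XmlConvert.ToDateTime(notOnOrAfter.Value, XmlDateTimeSerializationMode.Utc), "expired");
        var audience = assertion.SelectSingleNode("saml:Conditions/saml:AudienceRestriction/saml:Audience", ns);
        Require(audience != null && audience.InnerText.Trim() == spEntityId, "Audience mismatch");

        var nameId = assertion.SelectSingleNode("saml:Subject/saml:NameID", ns);
        Require(nameId != null && nameId.InnerText.Trim().Length > 0, "missing NameID");
        return nameId.InnerText.Trim();
    }

    static void VerifyEnvelopedSignature(XmlDocument doc, XmlElement element, X509Certificate2 idpCert, XmlNamespaceManager ns)
    {
        var sigNode = (XmlElement)element.SelectSingleNode("ds:Signature", ns);
        Require(sigNode != null, "missing ds:Signature on " + element.LocalName);
        var verifier = new SignedXml(doc);
        verifier.LoadXml(sigNode);
        // Pinned key, signature only: the KeyInfo inside the message is attacker-controlled and is ignored.
        Require(verifier.CheckSignature(idpCert, true), "signature does not verify with the IdP certificate");

        // Anti-wrapping: the single Reference must point at this element's ID, and that ID must be unique.
        string id = element.GetAttribute("ID");
        Require(Regex.IsMatch(id, @"^[A-Za-z_][\w.\-]*$"), "malformed ID");
        Require(verifier.SignedInfo.References.Count == 1 &&
                ((Reference)verifier.SignedInfo.References[0]).Uri == "#" + id, "signature does not cover this element");
        var byId = doc.SelectNodes("//*[@ID='" + id + "']");
        Require(byId.Count == 1 && byId[0] == element, "duplicate or relocated ID");
    }

    static void Require(bool ok, string why) { if (!ok) throw new SecurityException("SAML rejected: " + why); }
}
```

The ID uniqueness check matters because SignedXml resolves `#id` references document-wide: without it, a response whose signed assertion has been moved under an unsigned wrapper and replaced by a forged assertion with a different ID would still pass `CheckSignature`. Calling `CheckSignature()` with no arguments would instead trust whatever certificate the sender embedded in KeyInfo, which defeats the point of the IdP handing over its public key in advance. Step 3 from the question (looking the NameID up in the application database and issuing a forms-authentication ticket) is ordinary application code and is left out.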

No - WIF does not support SAML.

You have two choices:

Add a client-side SAML stack to your application - some examples here.

Or use ADFS as a bridge, as it does support SAML.
