Contents tagged with Federation
-
Centralizing Federated Services configuration with SO-Aware
Configuring a WCF service to use federated authentication in an organization is not something trivial as it requires some good knowledge of the available security settings, and more precisely, how to talk to the existing security token services with the right WCF bindings.
-
ActAs in WS-Trust 1.4
WS-Trust 1.4 introduced a new feature called as “ActAs” for addressing common scenarios where an application needs to call a service on behalf of the logged user or a service needs to call another service on behalf of the original caller. These are typical examples of what is usually resolved with the “Trusted Subsystem” pattern.
-
Brokered authentication for REST active clients with SAML
I have been thinking for a while about what could be a good way to support brokered authentication for active REST clients. Something I did not want to do was to force the use of WS-Trust Active profile, which is in essence SOAP based.
-
WS-TRUST profiles and Cardspace
Geneva framework supports today the two WS-Trust profiles, Active and Passive.
-
Some thoughts on Portable STS (P-STS) and Geneva Cardspace
The other day and friend of mine asked me about portable STS implementations, if I knew about any available solution that he could use on his company. That reminded me of a conversation I had like two years ago with another developer working on custom .NET CLR framework version for portable devices (like smartcards). As part of that project, his team was also working on a TCP/IP communication stack for the device, and a http handler for accepting raw WS-TRUST messages. One goal for that project was to have a P-STS that could be interoperable with WCF. The idea seemed very promising at time.
-
Claims negotiation between a consumer, STS and Relying Party in WCF
According to the WS-Trust specification, a service consumer has a way to negotiate or ask for specific claims to the STS. Those claims (or some of them) will be generally used by the service implementation running on the relying party.
-
Implementing an identity provider and relying party with Zermatt and ASP.NET MVC
Zermatt is the framework recently released by Microsoft to develop claim-aware applications. You can find some announcements here and here.
-
Federation Over TCP With WCF
One of the discussions that we had during the last summit with the rest of "Connected Systems" MVPs was the possibility of supporting a Federation Scenario over TCP in WCF. For many of us that scenario was possible in theory, but unfortunately no documentation or samples existed to support it. In fact, WCF only comes with pre-built binding for federation scenarios, the "WsFederationHttpBinding" binding, which is completely tied to Http.