.NET Tutorials, Forums, Interview Questions And Answers


Posted By:      Posted Date: October 04, 2010    Points: 0   Category :WCF

Hi there,
As I say in the subject, I'm working on an investigation of SAML on .NET (right now in SAML 1.1).
And I don't know what the key steps are to implement this solution.
So far I know that an STS ws should be developed (I don't know how) with WCF; then the client has to get the SAML token to communicate with the final service.
Another constraint is that neither WIF nor ADFS should be used.
The version of SAML is 1.1.
I have the big picture, but not the details of implementation.
Can anyone please point me in the right direction: examples of code, books, white papers, etc.?
I would really appreciate any help you can provide.
Thanks a lot.



More Related Resource Links

Post the SAML Response in an HTML form to the assertion consumer service

Hi, can anyone please help me with how to post the SAML Response in an HTML form to the assertion consumer service? I have generated the SAML response and want to send it to the redirecting URL.

Claims Walkthrough: Creating Trusted Login Providers (SAML Sign-in) for SharePoint 2010

Learn how to create a custom security token service (STS) and set up a trust relationship between a SharePoint 2010 farm and the custom STS

Implementing Single Sign-On using SAML 1.1, x.509, LDAP in C#.net

Hi, I got a requirement from the client, i.e. implementing single sign-on using SAML 1.1 (LDAP & X.509) in .NET. I searched almost the entire internet but to no use. I have perfect knowledge regarding SAML but I don't know how to implement it in C#.net. Where do I get any papers or documents that tell how to implement SSO using SAML in .NET? What are the key steps involved in implementing it? What are the topics I need to cover to complete this task? I am literally stuck at this point; any help would be appreciated. Thanks in advance, sam

Digitally sign SAML assertion with the user's certificate

I know how to digitally sign a SOAP message with the server's certificate using WCF, but is it possible to sign the SOAP message or maybe a single element inside the message with the user's certificate without having the user's certificate in the server's key store? For example, can a SAML assertion or other element be created, then the user prompted to sign that element, and then have the element (with the user's signature on it) placed in the outgoing message?

SAML Token Deserialization Performance


I have an IDispatchMessageInspector which is deserializing a SAML Token contained in the SOAP message header.

To do the deserialization I am using the following code:

// Resolver backed by the certificate returned by the CertificateUtility helper
List<SecurityToken> tokens = new List<SecurityToken>();
tokens.Add(new X509SecurityToken(CertificateUtility.GetCertificate()));
SecurityTokenResolver outOfBandTokenResolver = SecurityTokenResolver.CreateDefaultSecurityTokenResolver(new ReadOnlyCollection<SecurityToken>(tokens), true);
// xr is the XmlReader positioned on the SAML token in the SOAP header
SecurityToken token = WSSecurityTokenSerializer.DefaultInstance.ReadToken(xr, outOfBandTokenResolver);

The problem I am seeing is that the performance of the ReadToken call varies depending on the account that is running the Windows service (in which the WCF service is hosted).

If the service is running as a Windows domain account, the elapsed time for the ReadToken call is virtually zero. When running as a local machine account, the call takes about 1 second.


Can anyone shed any light on what is going on here and why the account running this bit of code makes a difference as to its performance?


SAML 2.0 Service Provider implementation for ASP.NET application



I need to implement SAML 2.0 integration for an ASP.NET application to be used as a service provider. I tried to find a component for this but found only ComponentSource ComponentSource SAML 2.0 Integration Toolkit. I cannot believe that this is the only component that I can use for my task. Are there any other components or .NET libraries I can use to build SAML 2.0 integration for an ASP.NET application? Maybe there is a standard way in .NET to implement this? Currently the .NET version used is 2.0, but there is no problem migrating to 3.0 or 3.5 if this will help to solve the problem. Thank you!

I'm sorry if I'm asking in a wrong forum but I did not find a security related forum.

Best regards,

saml token..



I am working with a SAML token for the first time. If I passed authentication and received the SAML token from a 3rd party ID provider, where is the SAML token stored when I land back on my page (default.aspx)?


SAML Authentication Request Deflate and Encode


How to implement this in ASP.NET (.NET 1.0)? I need an analog of this (in Java):

// first DEFLATE compress the document (saml-bindings-2.0, section
byte[] xmlBytes = xmlString.getBytes("UTF-8");
ByteArrayOutputStream byteOutputStream = new ByteArrayOutputStream();
DeflaterOutputStream deflaterOutputStream = new DeflaterOutputStream(byteOutputStream);
deflaterOutputStream.write(xmlBytes, 0, xmlBytes.length);
// finish the DEFLATE stream so all compressed bytes reach byteOutputStream
deflaterOutputStream.close();

// next, base64 encode it
Base64 base64Encoder = new Base64();

SAML token and impersonation for SAP connection


I am connecting SharePoint 2010 to SAP. I am using CBA from SAML. When a user logs in for the first time in SharePoint, he/she would get the SAML token. After this, should we use the same SAML token and propagate it to WCF and SAP, or impersonate the logged-in user with the SAP user ID?

SAML Assertion encryption on STS, adding wsu:Id to EncryptedData element


Using WIF/WCF on Server2008 and .NET 3.5, trying to connect to a service on Oracle Service Bus. Policy calls for SAML Assertion, sender-vouches, asymmetric keys.

Sender-vouches seems to imply both signing and encryption of the SAML Assertion at the STS before serialization into the RSTR, implying that it doesn't get decrypted and verified until it gets all the way to the Relying Party.

Signing works fine, and encryption works fine, too. But when the client attempts to pass through the resulting encrypted "blob," it chokes with "element to sign must have id."

On closer examination, it appears that the STS does not add the wsu:Id attribute to the EncryptedData element. The "wsu:Id" is more formally known as "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd:Id," and it's essential for signing any element (with the exception of the SAML Assertion, but that's another story with another interop solution).

The wsu:Id is perfectly legal for <EncryptedData> elements, and so the answer has to be to add it at the time the element is created.

Is there a quick and easy way to get this attribute added? It can be done in WCF, but that requires all that custom plumbing. I'm looking at GovindR's ReserializeSaml at the moment, and it seems a mighty big gun for such a small task.

Validating a SAML token at WCF Data Service level


I have a WPF client which requests a SAML token from the STS. After receiving the SAML token, the WPF client sends the SAML token as part of the request header to the WCF data service. At the WCF data service level the request is interpreted by the Authorisation manager. I wanted to know whether there is any way to parse and authenticate this SAML token at the service level, to check that it's a valid SAML token.
