We are looking at providing SSO for a partner company so that they can access our website without separately loggin in. The partner company already has an SSO implementation within their intranet as well as other partners. We only need to be able to recieve the SAML tokens and confirm that they are valid (either Browser/Post pr Browser/Artifact profiles can be used). We do not need to implement SSO for our domain users.
Question: Is it worthwhile/possible to implement a service (usng WCF?) that can recieve and process these tokens issued by the third party or do we need to implement a vendor application (like SiteMinder, PingFederate etc) on our side even to be able to act as a Relying party in this federation.