SAML Assertion consumer Service (ACS) - Suggestions on implementation

Question

We are looking at providing SSO for a partner company so that they can access our website without separately loggin in. The partner company already has an SSO implementation within their intranet as well as other partners. We only need to be able to recieve the SAML tokens and confirm that they are valid (either Browser/Post pr Browser/Artifact profiles can be used). We do not need to implement SSO for our domain users.

Question: Is it worthwhile/possible to implement a service (usng WCF?) that can recieve and process these tokens issued by the third party or do we need to implement a vendor application (like SiteMinder, PingFederate etc) on our side even to be able to act as a Relying party in this federation.

Answer 1

One open source solution you should take a look at is OpenSSO. You can download and deploy OpenSSO as a full-service web access management system, including federated single sign-on via SAML 2.0 and other protocols, or just deploy the Fedlet, which provides a simple service provider/relying party implementation (including the ACS) for both Java and (pre-release now, but supported soon) .Net.

Answer 2

A list of several open-source SAML implementations can be found here.

OpenSSO, OpenSAML and Shibboleth seem like the major options.

Answer 3

Hi DevByDefault, Can you tell what you end up using? I a, in the same situation now and my client(IDP) using saml 1.1. We have a java platform which needs to send saml request and read saml response. any suggestion will help. thanks.