We are looking at providing SSO for a partner company so that they can access our website without separately logging in. The partner company already has an SSO implementation within their intranet as well as other partners. We only need to be able to receive the SAML tokens and confirm that they are valid (either Browser/Post or Browser/Artifact profiles can be used). We do not need to implement SSO for our domain users.

Question: Is it worthwhile/possible to implement a service (using WCF?) that can receive and process these tokens issued by the third party, or do we need to implement a vendor application (like SiteMinder, PingFederate, etc.) on our side even to be able to act as a relying party in this federation?

+1  A: 

One open source solution you should take a look at is OpenSSO. You can download and deploy OpenSSO as a full-service web access management system, including federated single sign-on via SAML 2.0 and other protocols, or just deploy the Fedlet, which provides a simple service provider/relying party implementation (including the ACS) for both Java and (pre-release now, but supported soon) .Net.

metadaddy
Thanks Metadaddy for the suggestion. I will look into using OpenSSO.
DevByDefault
A: 

A list of several open-source SAML implementations can be found here.

OpenSSO, OpenSAML and Shibboleth seem like the major options.

Eye of the Storm
A: 

Hi DevByDefault, can you tell what you ended up using? I am in the same situation now, and my client (IdP) is using SAML 1.1. We have a Java platform which needs to send a SAML request and read the SAML response. Any suggestion will help. Thanks.

We really never ended up implementing anything as the project got scrapped. However, our network guys came back with "Microsoft Geneva server" and said it would do the job for us.
DevByDefault