federated-identity

Implementing Claims-Based Security (WCF/Asp.NET)

After researching the topic of Claims-Based Security (or a Federated Security Model), I've been coming across many examples that use Cardspace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt. The claims-based security architecture I'...

Does it make sense to set up a trusted relationship between Active Directory instances at partner companies?

Hi, if a company often requires users to be created in a partner's Active Directory, and vice versa, does it make sense to set up a federated / trusted relationship between the AD instances? If so, what should be considered? Does the ACL for users in the partner AD still work the same way? What security risks does this expose? Thanks! ...

Creating a local Token cache using the Geneva Framework

Haven't seen many Geneva related questions yet; I have posted this question in the Geneva Forum as well... I'm working on a scenario where we have a WinForms app with a wide install base, which will be issuing frequent calls to various services hosted by us centrally throughout its operation. The services are all using the Geneva Fram...

Specifying Required / Optional Claim Types in the Relying Party for a Passive STS

I have an ASP.NET application (relying party) that uses a passive STS for authentication and retrieval of claim values. The relying party is using the FederatedAuthenticationModule (FAM) to enable a passive redirect to the STS. I found documentation on how to specify required claims when using InformationCards, but have yet to find det...

Moving from ADFS to the Geneva Framework

My company is in need of a federated identity solution, and being a Microsoft shop, we're looking to use MS technologies to accomplish this goal. We don't have Server 2008 or .NET 3.5 in production, so we're limited to a .NET 2.0/Server 2003-based solution. This means (in terms of a federated identity solution), Active Directory Federa...

What's a good way to get started integrating ADFS with AzMan?

Does anyone know of any good screencasts or documentation covering the integration of Active Directory Federation Services (ADFS) with Authorization Manager (AzMan)? ...

Web Application - User Authentication Across Domains

A client of ours has approached us to develop an application, and as usual the scope grows day by day. Initially it started as a dedicated app confined within their corporate network. User authentication was established by acquiring the user's Windows login and using a SQL Server database to host the access rights. All quite straight fo...

Simple Claims Transformation for an RP-STS in Geneva Framework

Hi, after reading the MSDN article (http://msdn.microsoft.com/en-us/magazine/2009.01.genevests.aspx) on implementing a custom STS using the Microsoft Geneva Framework, I am a bit puzzled about one of the scenarios covered there. This scenario is shown in figure 13 of the above referenced article. My questions are around how does the RP i...

Passwords for applications using third-party authentication?

I have an ASP.NET MVC application into which I have just integrated the RPX third-party federated identity system. The integration is working ok, but I'm having some difficulty wrapping my head around what to do with it at the ASP.NET level. Because the identity is handled externally, I have no need for passwords in my app: I never rec...

Do I need a custom membership provider to integrate third-party authentication into ASP.NET?

I have an ASP.NET MVC application into which I have just integrated the RPX third-party federated identity system. The integration is working ok, but I'm having some difficulty wrapping my head around what to do with it at the ASP.NET level. I'm pretty new to ASP.NET (I'm learning it with MVC), and I've discovered a little bit about th...

Best way to implement Federated Security over Web Services

I need to know which is the best framework to implement Federated Security over Web Services. These Web Services are being developed using multiple different languages, like Java, Python and Perl. I already saw some information about OpenSSO, Liberty, PingFederate and Shibboleth. But which one is the best and the easiest to implement? Th...

SAML assertion with username/password - what do the messages really look like?

I need to create some SAML 2.0 assertions, and I'm having trouble finding what the XML should really look like. Most of the documentation seems to be about using particular tools, not about the messages. I've got the schemas, with a plethora of possibilities, but I can't find an example of what the relevant messages actually look like...

OpenSSO Fedlet with PHP

Is it possible to use the OpenSSO fedlets with PHP (or technologies other than Java or .NET) to enable Identity Federation? Are there any examples of implementing fedlets with PHP? ...

Federated Identity Management

I'm looking for a way to pull user (eg. inetOrgPerson) information in a federated way. For the most part, this information will come from LDAP but could come from secondary systems. I've looked at things like Jasig's Person Directory (married to Spring and we don't use it) and ArisID (no examples of use, yet). I'm working inside of OS...

WIF manually generate federationmetadata.xml

I am playing with Windows Identity Foundation and I am trying to create an MVC.NET based Security Token Service and use it as the Single Sign On application. My only problem is that I don't know how to generate the federationmetadata.xml file. Is there any tool to generate this file manually? ...

Supporting both existing forms authentication login and Federated WebSSO

We have a hosted web application and it uses forms authentication. This web application is accessed by users belonging to different partner organizations. Currently users belonging to the partner organizations are accessing the application using the credentials that we give them. Now, some partner organizations want their users...

SPs exchanging attributes in a Federation

On a SAML v2 Federation, is it possible for the SPs to exchange attributes when the federation is based on the use of Pseudonym Identifiers? Should the SP that holds the attribute function as an IdP? In that case, should there be a transient linking of accounts between SP1 & SP2? ...

Does anyone know of a simple tutorial for Google's Federated Login

I'm looking for a step by step tutorial that covers Google's Federated Login process using PHP and cURL. All needs to get dumped into CodeIgniter so it really needs to be easy to follow. ...

How do I sign a Google federated login?

OK, I'm having more luck with Google's federated login. I'm at the point where you get the following params back from Google. [openid_ns] => http://specs.openid.net/auth/2.0 [openid_mode] => id_res [openid_op_endpoint] => https://www.google.com/accounts/o8/ud [openid_response_nonce] => 2010-01-02T14:58:22ZvP-t8tJXqGWaPw [openid_return_t...

SAML 2.0 assertion response URL for Ping Federate 6.1 service provider

A supplier uses Ping Federate for SAML-based single sign-on. I've got some custom SAML 2.0 code which implements a rudimentary identity provider. I'm doing IDP-initiated SSO with URL and HTTP Post. The PF service provider is at https://domain/sp/startSSO.ping. What URL should I be posting my response (assertion) to on the PF server? I t...