federation

Building your own Google Wave federation

Hey all, I'm looking to learn about running my own Google Wave server. There are videos on how to set it up and get it in the command line, but my question is: okay, where do you go from there? How do you take this service that is running in the command line and apply it to the web? Is there documentation on doing just that? I have ...

ASP.Net WCF service's Thread.CurrentPrincipal is being thrown away by some interceptor in a Federated (WIF) environment

I have a per-call WCF service that's being hosted in IIS (.svc). In the service's constructor, I set Thread.CurrentPrincipal = HttpContext.Current.User as per this article. In this case HttpContext.Current.User is of type Microsoft.IdentityModel.Claims.ClaimsPrincipal and has the claims that were sent back from my custom passive STS. Ho...

How does the FederationMetadata.xml get created on the STS

I'm trying to set up a Relying Party web application to use the newly set up ADFS 2.0, but when I run the FedUtil.exe, it cannot locate the Federationmetadata.xml file on the STS. I've searched the server for this document, but it doesn't seem to exist. How does this file get initially created? I'm assuming that if you make any change...

What's the difference between WS-Trust, OpenID, and SAML Passive?

Seems that Microsoft ADFSv2 supports WS-Trust, and SAML Passive, but the WIF stack it's built upon doesn't support SAML. What is the difference between WS-Trust and SAML-P? Do they share the same security vulnerabilities, if so what are they? Note: There is a similar, but different question here: SAML vs OAuth ...

How do I request additional claims from Passive STS with WIF?

Hi, I have the following: a website ASP.Net application acting as an Identity Provider (IDP STS); Federation Provider (FP STS); a Resource ASP.NET MVC WebSite acting as (RP). When trying to access a Resource in RP, it goes through the FP STS and gets redirected to IDP STS. User puts their credentials and upon validity of that, IDP provide...

How to Validate a SAML Token

The scenario I'm trying to support is this: A client website is redirecting to my website using a single sign-on from their site. The client side has an STS that generates a SAML token for the authenticated user that gets passed to my website. My question is what is the simplest and best way to validate this SAML token passed to my website?...