Last post Oct 15, 2013 02:21 AM by kanthaa
Oct 14, 2013 02:25 AM|kanthaa|LINK
I would like to know what steps to follow in order to send a SAML token from client to service.
Do I need to install any certificate?
Could you suggest the steps or different ways to solve this with SAML?
Oct 14, 2013 05:06 AM|Illeris|LINK
There is an extensive sample on MSDN: http://msdn.microsoft.com/en-us/magazine/ee335707.aspx
Does this solve your problem?
Oct 14, 2013 06:51 AM|kanthaa|LINK
Thank you for your sample.
I need a bit more clarity ... ?
for example: If I want to implement Message security I will do below things ...
1) Expose the service
2) Enable binding (wsHttpBinding)....
3) Create Client
4) pass information and get the values..
I just want to know how about the SAML ?
Where do I need to send SAML? Is it from the client, from the service, or from somewhere else?
What configuration do I need to set ?
Oct 15, 2013 01:28 AM|Steven Cheng - MSFT|LINK
Generally, for a WCF service, a SAML token is used as a custom security token obtained from a certain Security Token Service (STS). So the client side can obtain a SAML token from the STS (by sending credentials for authentication first) and send the SAML token to the target service instead of directly sending credentials to the target service. For STS and SAML token providers, there are some samples in the .NET Framework samples for WCF/WF:
#SAML Token Provider
#Windows Communication Foundation (WCF) and Windows Workflow Foundation (WF) Samples for .NET Framework 4
and there are also some online articles introducing how to use SAML token and STS
#Authenticating to a WCF service with a SAML bearer token
Oct 15, 2013 02:21 AM|kanthaa|LINK
Thank you for your response.
But one more clarification.....
While requesting a SAML token from the STS, do we need to do certificate validation? And the same with the RP?
For us, all services are going to be developed in the intranet only; do I still need to implement HTTPS?
<serviceCredentials>
  <!-- Set allowUntrustedRsaIssuers to true to allow self-signed, asymmetric key based SAML tokens -->
  <issuedTokenAuthentication allowUntrustedRsaIssuers="true">
    <!-- Add Alice to the list of certs trusted to issue SAML tokens -->
    <knownCertificates>
      <add storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" findValue="Alice"/>
    </knownCertificates>
  </issuedTokenAuthentication>
  <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="localhost" />
</serviceCredentials>
Without the above service credentials, can't we send a request to the STS?
Why do I need have above code ?
we usually have <serviceMetadata HttpGetEnabled = "true" /> but why this is not available for STS ? Could you help me to understand ?
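The two pieces of configuration this thread discusses, as an added example that is not part of any post or of the MSDN sample: the service's issued-token settings with the sample's weak `allowUntrustedRsaIssuers="true"` replaced by a pinned issuer certificate, and a client binding that obtains the SAML token from an STS before calling the service. It assumes the STS signs tokens with an X.509 certificate and authenticates clients by user name over HTTPS; the host names, binding names and the thumbprint value are placeholders.

```xml
<!-- Service (relying party) Web.config: who may issue SAML tokens to it -->
<serviceCredentials>
  <!-- The thread's snippet sets allowUntrustedRsaIssuers="true" so that
       self-signed, asymmetric key based SAML tokens are accepted.
       With a real STS, turn that off and pin the STS signing certificate. -->
  <issuedTokenAuthentication allowUntrustedRsaIssuers="false"
                             audienceUriMode="Always">
    <allowedAudienceUris>
      <!-- (assumed) address of this service; tokens issued for another audience are rejected -->
      <add allowedAudienceUri="https://service.example.internal/Orders.svc" />
    </allowedAudienceUris>
    <knownCertificates>
      <!-- Placeholder thumbprint; FindBySubjectName would match on a substring of the subject -->
      <add storeLocation="LocalMachine" storeName="TrustedPeople"
           x509FindType="FindByThumbprint" findValue="STS_SIGNING_CERT_THUMBPRINT" />
    </knownCertificates>
  </issuedTokenAuthentication>
  <!-- The service's own certificate, as in the thread's snippet -->
  <serviceCertificate storeLocation="LocalMachine" storeName="My"
                      x509FindType="FindBySubjectName" findValue="localhost" />
</serviceCredentials>

<!-- Client App.config: binding that fetches a token from the STS first -->
<bindings>
  <wsFederationHttpBinding>
    <binding name="SamlFromSts"> <!-- (assumed) name -->
      <security mode="Message">
        <message issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
          <!-- (assumed) STS address; the client authenticates here, not at the service -->
          <issuer address="https://sts.example.internal/Sts.svc"
                  binding="wsHttpBinding" bindingConfiguration="StsUserName" />
        </message>
      </security>
    </binding>
  </wsFederationHttpBinding>
  <wsHttpBinding>
    <binding name="StsUserName"> <!-- (assumed) name -->
      <!-- User name credential in the message, protected by HTTPS transport -->
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
```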