The following table shows an analogy between identity concepts in a single application and in a federated application. The single app has its own identity silo, while the federated app relies on an STS (such as Geneva Server). I find this analogy useful for explaining how things differ from the non-federated, non-claims-based world.
A couple of months ago Ezequiel posted a summary of a very interesting article published in the Identity issue of the Architecture Journal. The article discusses different patterns in the federated identity world. Last week we had an interesting requirement to solve in a project and this article came to mind. Specifically, one of...
This post had a lot of visits, so I have updated it to work with Geneva Beta 2:

public static ClaimsIdentityCollection ToClaimsIdentityCollection(this GenericXmlSecurityToken originalToken, TrustVersion trustVersion, X509Certificate2 signature, X509Certificate2 encryption)
{
    var tokenReader = new StringReader(originalToken.TokenXml.OuterXml);
    var reader = XmlReader.Create(tokenReader);

    var privateKeyToken = new X509SecurityToken(encryption);
    var issuerKeyToken = ...
During the last couple of months I’ve been helping the Microsoft DPE team (namely Vittorio and Donovan) build the Identity Development Training Kit. It’s been great to work with such knowledgeable guys and with one of the best frameworks I’ve ever developed with: the Microsoft Geneva Framework. The training kit covers a lot of...
UPDATE: the code has been updated to work with WIF RTM. Thanks Nico! Providing federation metadata for your STS is very useful when a relying party wants to establish a trust relationship with your STS. For instance, the Geneva Framework provides a FedUtil.exe tool that lets you point to this metadata file...
A typical scenario for an ISV that wants to create the "next application in the cloud" is how to support identity federation with its customers (tenants). A common requirement I’ve heard is: "I want to enable single sign-on and allow enterprises that have their own STS to integrate with us. For companies that...
Published by Matias Woloski on February 13th, 2009 7:25 am under ASP.Net, Cloud Computing, Federation, Geneva, Identity, LiveID, MVC, PDC08, WCF, azure
A couple of weeks ago Ryan Dunn announced Azure Issue Tracker. From his post: "This sample application is a simple issue tracking service and website that pulls together a couple of the Azure services: SQL Data Services and .NET Access Control Service." I’ve been working with Ryan and other guys at DPE and Southworks to put...
This took some time and you are lucky if you hit this after a search. This extension method allows you to decrypt a SAML 1.1 security token using the Geneva Framework.

public static ClaimsIdentityCollection ToClaimsIdentityCollection(this GenericXmlSecurityToken token, string thumbprintPrivateKey, string thumbprintIssuerPublicKey, TrustVersion trustVersion)
{
    // Decrypt token
    var tokenString = new StringReader(token.TokenXml.OuterXml);
    var reader = ...
Definition: “A Security Token Service (STS) is the plumbing that builds, signs, and issues security tokens using the interoperable protocols…” “The “Zermatt” Framework makes it easy to build your own STS. It’s up to you to figure out how to implement the logic, or rules that drive it (often referred to as security policy).” Active vs...
Zermatt is a set of .NET Framework classes: a framework for implementing claims-based identity in your applications. When you build claims-aware applications, the user presents an identity to your application as a set of claims. One claim could be the user’s name; another might be an e-mail address. The idea here is that...