Safewhere*SAML2.0 for WIF

Make it simple for your developers to work with SAML 2.0

With the release of Safewhere's full implementation of the Security Assertion Markup Language (SAML) 2.0 protocol for service providers - SP Lite - on the Windows Identity Foundation (WIF), all developers of ASP.NET applications may now connect directly into SAML 2.0 federations. Our new toolkit, SAML2.0 for WIF, allows you to leverage all the benefits of WIF, while still being able to participate directly in SAML 2.0 protocols.

ADVANTAGES

  • Leverage benefits of WIF while participating in the SAML 2.0 protocol
  • Connect ASP.NET apps to SAML 2.0 federations

Microsoft recommends WIF as best practice for .NET-based application development. WIF is currently limited to supporting the WS-Federation protocol, which is a problem for a large part of the IT world, as the SAML 2.0 protocol is in the process of becoming the global standard for federated applications.

SAML 2.0 for WIF is a DLL that extends WIF with native support for the SAML 2.0 protocol.

SAML 2.0 for WIF supports the following extensions all of which are available on request:

  • Windows Security Token issuance (Kerberos Impersonation) – Allows you to generate an impersonation-level Windows security token from the SAML 2.0 security token, which makes it possible to log in to Outlook Web Access (OWA) or other Kerberos-protected resources, provided that the applicable user already exists in Active Directory (AD).
  • Shadow Account Module for Active Directory – Allows you to create (and update) users and roles on the fly in AD based on the content of the SAML 2.0 security token, which makes it possible to log in automatically to resources that support Kerberos authentication and authorization even though the user is not present in AD. This module also supports the creation and updating of users and roles on the fly in virtually any user database or directory service, based on the content of the SAML 2.0 security token, which makes it possible to log in automatically to resources that are not SAML 2.0-compliant. Please note that this also requires that a special SAML 2.0 token module is implemented "in front" of the applicable application(s).
  • Shadow Account Module for user databases and directory services – The ADFS Shadow Account Synchronization Module enables automatic creation of shadow accounts and, where applicable, roles. This is a central piece of functionality for traditional web applications (i.e. applications that were not designed for federation), which are built around an existing user database and must now work in a federated environment. The Shadow Account Synchronization Module handles the creation and maintenance of user accounts and their role memberships on the basis of the information and roles found in the SAML token that was used during login. This makes it easy and straightforward to fit existing web applications into the federation standards, enabling single sign-on across organizations and across separate security domains within these organizations. The module's use of a Manager Provider model means that the component can quickly and efficiently be adapted to any type of proprietary user database, including SQL Server databases, flat files, and hierarchical (including LDAP-based) databases.