Decrypting SAML 2 assertion using .NET 4.5 (System.IdentityModel) / WIF

c#,encryption,wif,saml-2.0
I am trying to decrypt an encrypted SAML 2.0 assertion issued from a Java-based Identity Provider. Given the following setup of security token handlers: X509Certificate2 cert = ... // Contains private key var serviceTokens = new List<SecurityToken>(); serviceTokens.Add(new X509SecurityToken(cert)); var issuers = new ConfigurationBasedIssuerNameRegistry(); issuers.AddTrustedIssuer("...thumbprint...", "nottherealname"); var configuration = new...

Kentor.AuthServices configuring thumbprint validation

.net,single-sign-on,wif,saml-2.0,kentor-authservices
How do I configure Kentor.AuthServices to use the issuer registry from WIF? Specifically, to check based on thumbprint like in the example below: <system.identityModel> <identityConfiguration> <securityTokenHandlers> <securityTokenHandlerConfiguration> <issuerNameRegistry type="System.IdentityModel.Tokens.ConfigurationBasedIssuerNameRegistry, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"> <trustedIssuers> <add thumbprint="1111111111111"...

WIF config: issuerNameRegistry vs. certificateValidation

.net,single-sign-on,wif,saml-2.0,claims-based-identity
In the Windows Identity Foundation (WIF) 4.5 config, what is the relationship between issuerNameRegistry and certificateValidation? What portion of a SAML 2.0 assertion is validated by each? For example: the code & config below will verify that the issuer cert has the given thumbprint. But I assume a certificateValidationMode other...

How to configure Azure ACS to return SAMLResponse parameter instead of RSTR xml?

azure,single-sign-on,wif,saml-2.0,acs
I have SSO login set up with Azure similar to the one above: In the POST request (6&7) from ACS at my application (RP) end, I am getting: ~~~~~~~~ POST wa: wsignin1.0 wresult: RSTR XML - (example format - data removed) ~~~~~~~~ whereas what my RP expects and understands is...

How can you use Active Federation to authenticate with an ASP.NET MVC application?

asp.net-mvc,security,authentication,wif,saml
I have a WPF application that is using WS-Trust Active Federation over WCF. When the user logs in, the application requests a token from the STS, caches it, and then provides that token to all WCF service calls which require authentication. This application also has a Web Browser View that...

Add STS reference missing in Visual Studio 2013 Update 4

c#,visual-studio-2013,wif
Add STS reference (preferably adding Create new STS Project) option is not available in Visual Studio Ultimate with Update 4. I have tried to install the Identity and Access Tool extension and it does not allow me to install it, since it is expecting Visual Studio 2012 Ultimate, not 2013 Ultimate....

Is it possible to tell IIS to treat all old cookies as expired? (CryptographicException)

asp.net-mvc,iis,wif
We are using WIF authentication, and we have an issue that pops up on occasion where a user's cookie gets in a bad state. The exception that gets thrown is: System.InvalidOperationException: ID1073: A CryptographicException occurred when attempting to decrypt the cookie using the ProtectedData API (see inner exception for details)....

Is System.IdentityModel.Policy.IAuthorizationPolicy obsolete?

c#,wcf,wif,claims-based-identity,claims
According to this MSDN article, the interface IAuthorizationPolicy is the way to go to inject custom authorization logic / custom claims when using WCF. https://msdn.microsoft.com/en-us/library/ms729851(v=vs.110).aspx However, it seems like some of the classes used in this interface are "almost obsolete" according to http://msdn.microsoft.com/en-us/library/system.identitymodel.claims%28v=vs.110%29.aspx The System.IdentityModel.Claims namespace contains classes that implement...

ADFS freshness and session sliding

c#,asp.net,session,wif,adfs2.0
I have implemented session sliding in my custom HttpHandler module. I am trying to achieve session sliding as well as getting authenticated on multiple websites which share the same ADFS server. public void SessionAuthenticationModuleSessionSecurityTokenReceived(object sender, SessionSecurityTokenReceivedEventArgs e) { SessionSecurityToken token = e.SessionToken; DateTime nowUtc = DateTime.UtcNow; DateTime validFrom = token.ValidFrom; DateTime...

Can WIF Saml2SecurityTokenHandler validate top-level signature?

.net,single-sign-on,wif,saml-2.0,claims-based-identity
See this (stripped-down) SAML 2.0 response: <samlp:Response> <saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">lkasjdflkasj</saml:Issuer> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <!--<snip>--> </Signature> <samlp:Status xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"> <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> </samlp:Status> <saml:Assertion> <saml:Issuer...

Share Authentication between MVC applications through WIF

c#,asp.net,asp.net-mvc,wif,claims-based-identity
I have two websites, i.e. A and B, where A and B both have their own separate user store. If a user is an authenticated user of A, they should be able to access all authorized pages of B and vice versa. Can someone help me with how I can do this using Windows...

ADFS authenticated on IE for Web App1 prompts login page for WebApp2 on Chrome

asp.net,google-chrome,internet-explorer,wif,adfs2.0
My application is configured for SSO and there is another web app which is also configured for single sign-on on the ADFS server with the same domain and Active Directory. I try to access webapp1 on IE and then try to open web app1 in Chrome. Can anyone please tell...

WIF tracing not working with Visual Studio 2013 project

visual-studio-2013,wif,tracing
I am using Visual Studio 2013 and tried to do this walkthrough: How To: Enable WIF Tracing. But I did not find Identity and Access under Solution Explorer. So how do I enable WIF tracing in Visual Studio 2013? I even added the XML in the System.Diagnostics section and...