Clarity, Technology, and Solving Problems | PracticeThis.com
WP7 App with Key Windows Azure resources – Slides, Videos, How-To’s, and T-shooting – for quick consumption on the go.
Some information in this post is based on Vittorio’s new book Programming Windows Identity Foundation (Dev - Pro).
Protocols supported by Windows Identity Foundation (WIF):
The SAML-P protocol is not supported by WIF. SAML 1.1 and SAML 2.0 tokens can be used with WIF (see Claims Extracted by Windows Identity Foundation from Different Token Types). SharePoint 2010 claims authentication uses WIF and therefore does not support the SAML-P protocol either. ADFS 2.0 is a Microsoft product that supports the SAML-P protocol. Use ADFS 2.0 to allow SAML 2.0 based federation for SharePoint 2010; here is how - Configuring SharePoint 2010 and ADFS v2 End to End.
A good overview of both ADFS 2.0 and WIF is Security Talk: Azure Federated Identity Security Using ADFS 2.0; another good overview, which covers Azure AppFabric Access Control Service (ACS) and ADFS 2.0 integration, is here - Access Control Service & ADFS v2.0 Integration.
There are third parties that offer SAML federation capabilities extending WIF, such as Safewhere’s SAML 2.0 for Windows Identity Foundation and Componentsoft's ASP.NET SAML Component - SAML 1.1 & SAML 2 for C#, VB.NET & ASP.NE
A case study of how Microsoft IT used WIF and ADFS to provide federation with third parties - MSIT Showcase Enhancing Federation Services for Internal and External Partners.
Before starting a job in my new role as a programming writer I met with a few super smart people. I wanted to pick their brains and hear their insights for success.
The key theme was along the lines of: “keep your customer in the center.”
The wisdom of the obvious? Maybe. But the more I thought about this simple truth, the more insightful it got.
To add clarity to the key theme I came up with a simple frame for how to think about customers: customer types, or personas, and the questions they might ask.
Back when I was an MCS (Microsoft Consulting Services) consultant I worked with several types of people. I recall the following personas:
During my work in the field as a consultant I observed time and again that customers get frustrated by investing too much time to complete a task, by losing money on labor or missing customer demand, and by poorly performing software. I also observed that customers get frustrated by unusable software (one of the reasons they call consultants). So the main drivers for customers are:
I found it helpful to look at the development lifecycle to better understand each persona (customer type):
After reviewing the data points above I came to the conclusion that the problem scope can be summarized by three questions.
It is interesting that the “How does it work (internals)?” question is not explicitly there.
Here are a few examples of how the three-question approach can help build scenario-driven (key-question-driven) content:
Azure AppFabric Access Control Service (ACS) is one of the core components of the Windows Azure platform. ACS’s main purpose is to help outsource authentication and identity management functionality to third parties. The currently supported third-party identity providers are:
As a developer you can use an authentication mechanism that is already available and familiar to the end user by configuring (no coding required) your web application and ACS to work together.
The end user experience can be described as follows:
The following diagram outlines the high-level architecture of the Azure AppFabric Access Control Service (ACS) v2.0, its main components and the information exchanged between them. Notice that the end user’s credentials are never given away to a third party.
The sequence of steps, including a visual diagram, required to perform the authentication is outlined in detail here - Introduction (skip to Web Site Scenario).
Notice that the token issued by the Identity Provider (the green IdP Token on the diagram) is different from the token that the Web Application receives in the end (the blue ACS Token on the diagram). Azure AppFabric Access Control Service (ACS) offers a claims rules capability that can transform claims. More information on rules is here - Rule Groups and Rule Editor.
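As an added illustration (not code from this post, from WIF or from ACS), the following Python model shows the claims-rule step that turns the green IdP token into the blue ACS token: issuer-scoped rules with wildcard inputs, pass-through or substituted outputs, re-issuance by ACS, and dropping of claims that no rule matches. The rule semantics, the identity provider names, the sample claims and the ACS namespace are assumptions for the example.

```python
from dataclasses import dataclass
from typing import List, Optional
# Standard claim type URIs (WS-Federation / WIF); ACS rules map between them.
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
NAME = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
NAMEID = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
ACS_ISSUER = "https://contoso-sample.accesscontrol.windows.net/"  # constructed namespace

@dataclass(frozen=True)
class Claim:
    type: str
    value: str
    issuer: str  # the IdP in the IdP token, ACS in the ACS token

@dataclass(frozen=True)
class Rule:
    in_issuer: str                   # identity provider this rule is scoped to
    in_type: Optional[str] = None    # None = any input claim type
    in_value: Optional[str] = None   # None = any input claim value
    out_type: Optional[str] = None   # None = pass the input type through
    out_value: Optional[str] = None  # None = pass the input value through
    def matches(self, c: Claim) -> bool:
        return (c.issuer == self.in_issuer and self.in_type in (None, c.type)
                and self.in_value in (None, c.value))
    def apply(self, c: Claim) -> Claim:
        # The output claim is re-issued by ACS, never by the original IdP.
        return Claim(self.out_type or c.type, self.out_value or c.value, ACS_ISSUER)

def transform(idp_claims: List[Claim], rules: List[Rule]) -> List[Claim]:
    """Each matching rule emits one output claim; claims matched by no rule are dropped."""
    out: List[Claim] = []
    for c in idp_claims:
        for r in rules:
            if r.matches(c) and r.apply(c) not in out:
                out.append(r.apply(c))
    return out

def demo() -> List[Claim]:
    # Constructed IdP token for a user who signed in through Google (assumed IdP name).
    idp_token = [Claim(EMAIL, "alice@example.com", "Google"),
                 Claim(NAME, "Alice", "Google"),
                 Claim(NAMEID, "108642", "Google")]
    rules = [Rule("Google", in_type=EMAIL),                       # pass e-mail through
             Rule("Google", in_type=NAME),                        # pass display name through
             Rule("Google", in_type=EMAIL, in_value="alice@example.com",
                  out_type=ROLE, out_value="Admin"),              # e-mail -> role claim
             Rule("Windows Live ID", in_type=NAMEID)]             # other IdP: no effect here
    return transform(idp_token, rules)
```

Running `demo()` yields an e-mail, a role and a name claim, all issued by ACS; the Google nameidentifier claim is dropped because only a rule scoped to a different identity provider would match it.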