Re: SAML support by Microsoft



I can appreciate your dilemma, and also the added factor that
you are dealing with a web product scenario (hence future of
federation beyond what initial ADFS v1 introduced is of less
importance than is evolution of existing ADFS capabilities).

I would have to search long and hard to see what exists in
the public, published documentations in order to find a specific
statement relative to continued support for SAML tokenization.

For your product decisions an ISP partner level assurance
is what you really need.

However, have you noticed that the preview bits for InfoCard
do have definitions for SAML v1.x and v2 as providers?
From what I have and can see, while there is industry support
and sufficient deployed use it is hard to see it not being covered
(what - we are only talking about an extra parser/emitter)
but as I understand it, MS's alignment is with the evolving
WS-* standards.


"Amit" <Amit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:CC963801-7312-4B52-B5D6-21FAF7F73E9A@xxxxxxxxxxxxxxxx
Roger, Thanks for your quick reply. I have read some documents on ADFS
and it seems that ADFS architecture has support for SAML tokens. But I
am concerned about the fact that WS-Federation Protocols in ADFS and
SAML are considered to be competing technologies and hence going
forward if MS may decide to not support SAML or reduce the support
ADFS provides for SAML. We are at the beginning phase of our design
cycle and hence it makes sense to only use WS-Federation Protocols if
it can do everything that SAML can do. Can you or some other MS
Security Guru give me some information on using ADFS vs SAML for
achieving SSO in a web product with interop scenarios as mentioned in
the original post.

Thanks
Amit

"Roger Abell [MVP]" wrote:

Amit,
This is only a partial response to your inquiry.

You should research documentations on ADFS (Active Directory
Federation Services) if you have not already done so. I think that
some of the roadmap information has been disclosed in public so
you should look at plans/guidance for aligning with the next release
of ADFS. The present version, released with Windows Server
2003 R2 does support use of SAML, but as you are likely aware
this is a still evolving area, and is only of use for web mediated
federation architectures. Again, that is now.

If you can find roadmap, position papers on ADFS and on the
Microsoft identity management strategy it should become clear
how to align with the present and future releases. From all that
I have seen/heard SAML is very much a part of this roadmap,
as is the entire suite of WS-* webservices architecture, and you
can expect to see these embed as a central part of the architecture.

"Amit" <Amit@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:9E5EE7C0-CE93-42D5-BBFA-C613787DD604@xxxxxxxxxxxxxxxx
Hi, At our company we are in the process of redesigning our
authentication services for our web based product. As a part of the
requirements we will be supporting NTAuth, Netegrity, LDAP integration
along with normal logon for authentication. The idea is to provide a
Single Sign On (SSO) experience to our customers and we are actively
looking at using SAML (Security Assertion Markup Language) to achieve
this SSO functionality. Since our product is Microsoft platform based,
we are trying to ascertain if Microsoft is going to support SAML going
forward. More specifically, we are looking for knowledge documents
that discuss how Microsoft platform supports SAML in its current
releases and what, if any, are Microsoft plans/strategies for
supporting SAML technology going forward.

Any information would be much appreciated. It would also be a great
help if someone can point me to the public documents from Microsoft on
supporting SAML as well as any technical document on the technology
w.r.t. its feature support in Microsoft platforms.

Thanks
Amit




