SAML STS for WSE 3.0 (reposted)

Every week or so I get another email asking where the sample code for the SAML STS for WSE 3.0 has been moved to now that GotDotNet GotNuked. It wasn't moved anywhere. So I figured I would repost it here for those that need it. For those new to this, you should also take a look at Pablo Cibraro's blog (Pablo was one of the developers on this sample), as he extended it to support credential caching and more.

A few caveats that people should be aware of when looking at this sample code:

  • For obvious reasons, wherever at all possible you should seek a WCF-based solution first. There still appear to be a few people that cannot use WCF yet - which is why I am reposting this.
  • We did do interop testing between an RC version of WCF and this STS - but this was released before WCF went gold - so if interop is important to you then you should test that yourself.
  • The code within this requires extensive knowledge of the .NET security APIs. Do not consider deploying this if you do not understand the entire solution.
  • As with all things security related, you should ensure you put together an appropriate security threat model and, as part of your solution design...
  • And of course batteries are not included!

Most common issues encountered:

  • Configuring the access rights to the certificates is probably the number one issue people run into. The STS and the service must be able to read the private keys of the certificates they sign and decrypt with, and the account that needs that access is the one the ASP.NET worker process runs as, not the interactive user who installed the certificate. If you need help managing certs / permissions, download this awesome tool.
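As an added example (not part of the original sample or of the certificate tool linked above), the following PowerShell script does by hand what people usually reach for the tool to do: it finds a certificate in the LocalMachine\My store, works out which file on disk holds its private key, and grants exactly one account Read access to that file. The certificate subject `CN=WSE2QuickStartServer` and the account `NT AUTHORITY\NETWORK SERVICE` (the default IIS 6 / ASP.NET 2.0 worker process identity; on IIS 7.5 and later use the application pool identity instead) are assumptions you will need to change for your own deployment. It also assumes Windows Vista / Server 2008 or later, where machine keys live under `%ProgramData%\Microsoft\Crypto`.

```powershell
# Added example, not code from the original WSE 3.0 STS sample.
# Grants one account Read access to the private key file behind a LocalMachine certificate.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

param(
    [string]$Subject = 'CN=WSE2QuickStartServer',          # assumed: QuickStart server cert
    [string]$Account = 'NT AUTHORITY\NETWORK SERVICE'      # assumed: ASP.NET worker identity
)

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    if (-not $Cert.HasPrivateKey) {
        throw "Certificate $($Cert.Subject) has no private key in this store."
    }

    # WSE 3.0 needs a CAPI (CSP) key. Reading .PrivateKey throws for CNG-stored keys,
    # so treat an exception the same as a null result.
    $csp = $null
    try { $csp = $Cert.PrivateKey -as [System.Security.Cryptography.RSACryptoServiceProvider] } catch { }
    if ($csp) {
        $name = $csp.CspKeyContainerInfo.UniqueKeyContainerName
        return Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$name"
    }

    # CNG key: report where it lives, but warn, because WSE 3.0 cannot use it.
    $cng = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($cng -is [System.Security.Cryptography.RSACng]) {
        Write-Warning "Key for $($Cert.Subject) is a CNG key; WSE 3.0 requires a CAPI/CSP key."
        return Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($cng.Key.UniqueName)"
    }
    throw "Could not determine the key container for $($Cert.Subject)."
}

function Grant-PrivateKeyRead {
    param([string]$Subject, [string]$Account)

    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq $Subject } |
        Select-Object -First 1
    if (-not $cert) { throw "No certificate with subject '$Subject' in LocalMachine\My." }

    $keyFile = Get-PrivateKeyFile -Cert $cert
    if (-not (Test-Path $keyFile)) { throw "Key file not found: $keyFile" }

    # Idempotency check: is there already an Allow rule for this account that covers Read?
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $acl  = Get-Acl $keyFile
    $already = $acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $Account -and
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $read) -eq $read)
    }
    if ($already) {
        Write-Host "$Account already has Read on $keyFile"
        return
    }

    # Least privilege: Read only, for the single service account.
    # Do not grant Everyone, and do not grant FullControl; the process only needs to load the key.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyFile -AclObject $acl
    Write-Host "Granted Read on $keyFile to $Account"
}

Grant-PrivateKeyRead -Subject $Subject -Account $Account
```

Run it once per certificate the STS or service signs or decrypts with, for each identity that needs the key. If `Get-PrivateKeyFile` warns that the key is CNG, re-import the PFX (or re-request the certificate) with a legacy CSP such as the Microsoft Enhanced RSA and AES Cryptographic Provider before expecting WSE 3.0 to find it.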

SAML_STS_for_WSE3_Jan06.zip

Comments

  • Anonymous
    November 20, 2007
    PingBack from http://msdnrss.thecoderblogs.com/2007/11/21/saml-sts-for-wse-30-reposted/

  • Anonymous
    November 22, 2007
    Since the Gotdot.net site disappeared along with the code of this implementation, my friend Jason Hogg

  • Anonymous
    March 22, 2008
    Almost all errors that people received are due to security permissions on the private keys associated with certificates. See if the aforementioned certificate tool can help you ensure you have granted appropriate access rights.

  • Anonymous
    June 04, 2008
    Unfortunately I got the same error as Andrew Krowczyk. WSE101: An asynchronous operation raised an exception. The internal message is: {"The remote server returned an error: (500) Internal Server Error."} I cannot find any solution. The private keys have ASP.NET rights. Can you help me please?

  • Anonymous
    June 20, 2008
    The other area that was tricky was ensuring your configuration policies were symmetric - i.e. your client was configured as your service required. Double check those and your permissions...

  • Anonymous
    November 26, 2008
    Got here finally, and got the sample... thanks very much.

  • Anonymous
    July 31, 2009
    Do you happen to know of any SAML implementations that work with ASP.Net 1.1?

  • Anonymous
    August 19, 2009
    In the Known Issues section of the STS Quick Start Design PDF document, there is mention of a memory leak that may lead to an Out of Memory exception when secure conversation is enabled.  Has a fix been created by anyone for this? Thank you.

  • Anonymous
    September 01, 2009
    Sample gives me an error: cannot find certificate "CN=WSE2QuickStartServer".

  • Anonymous
    September 24, 2009
    I wanted to modify the namespace of SAML to be "urn:oasis:names:tc:SAML:2.0:assertion". However, when I change the namespace in all of the config files, I receive a CryptographicException WSE502 error. The details of the error are below. Why do I receive this error when I change the namespace? System.Web.Services.Protocols.SoapException: System.Web.Services.Protocols.SoapHeaderException: Server unavailable, please try later ---> System.Security.Cryptography.CryptographicException: WSE502: The target element referenced by the following id can not be found in the message: SecurityToken-d81xx... Make sure that the element is present at the time when the signing or encryption operation is performed. Thank you.

  • Anonymous
    October 22, 2009
    It has been a long time since I looked at SAML in detail - and one thing that pops to mind is that the schemas for the assertions may have changed between version 1.1 or 1.2 (can't remember what we implemented) and 2.9. I believe there were significant changes between the versions. Is the error that you are encountering occurring when the receiver (I assume a SAML 2.0 platform) is processing the message or in generating the message?

  • Anonymous
    November 23, 2009
    Hi, please help me. ItemLookup il = new ItemLookup(); when I call the ItemLookup method it gives exception WSE101: An asynchronous operation raised an exception. Please reply. Thanks in advance.

  • Anonymous
    February 23, 2010
    How can I replace the namespace "QuickStart" with a custom namespace name? I tried renaming it, and it gives an error.

  • Anonymous
    June 15, 2011
    Did anyone have SamlTokenIssuer.ashx in the source? For some reason it is not there for me, and neither is the setup.bat file, but I can work around that if I have to. Thanks.