Protocols Supported By Windows Identity Foundation (WIF)

Some information in this post is based on Vittorio’s new book Programming Windows Identity Foundation (Dev - Pro).

Protocols supported by Windows Identity Foundation (WIF):

  • WS-Federation
  • WS-Trust
  • WS-Security
  • WS-SecurityPolicy
  • WS-Addressing

The SAML-P protocol is not supported by WIF. SAML 1.1 and SAML 2.0 tokens can be used with WIF (see Claims Extracted by Windows Identity Foundation from Different Token Types). SharePoint 2010 claims authentication uses WIF and thus does not support the SAML-P protocol either. ADFS 2.0 is a Microsoft product that supports the SAML-P protocol. Use ADFS V2.0 to allow SAML 2.0 based federation for SharePoint 2010; here is how - Configuring SharePoint 2010 and ADFS v2 End to End.
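The difference between SAML as a token format and SAML-P as a protocol can be seen at the wire level. The following is an added example, not code from the original post or from WIF: it classifies the decoded fields of a sign-in POST as WS-Federation or SAML-P and reports the assertion format carried inside. The function names, the returned tuple and the sample messages are assumptions constructed for illustration, and no signature validation is performed.

```python
import base64
import xml.etree.ElementTree as ET

# XML namespaces defined by the OASIS SAML specifications.
SAML_ASSERTION_NS = {
    "urn:oasis:names:tc:SAML:1.0:assertion": "SAML 1.1",
    "urn:oasis:names:tc:SAML:2.0:assertion": "SAML 2.0",
}
SAMLP_NS = "urn:oasis:names:tc:SAML:2.0:protocol"

# Constructed sample messages (unsigned, for illustration only).
WSFED_RESULT = (
    '<t:RequestSecurityTokenResponse xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">'
    '<t:RequestedSecurityToken>'
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"/>'
    '</t:RequestedSecurityToken></t:RequestSecurityTokenResponse>'
)
SAMLP_RESPONSE = base64.b64encode(
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol">'
    b'<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"/>'
    b'</samlp:Response>'
).decode("ascii")

def _parse(xml_text):
    # Federation messages never need a DTD; refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD not allowed in federation message")
    return ET.fromstring(xml_text)

def _token_format(root):
    # Report the format of the first SAML assertion found in the message.
    for el in root.iter():
        if el.tag.startswith("{"):
            ns, local = el.tag[1:].split("}", 1)
            if local == "Assertion" and ns in SAML_ASSERTION_NS:
                return SAML_ASSERTION_NS[ns]
    return "unknown"

def classify_signin_post(form):
    """Return (protocol, token_format, wif_handles_it) for decoded POST fields."""
    # WS-Federation passive sign-in: wa=wsignin1.0 plus an RSTR in wresult.
    if form.get("wa") == "wsignin1.0" and "wresult" in form:
        return ("WS-Federation", _token_format(_parse(form["wresult"])), True)
    if "SAMLResponse" in form:  # SAML-P HTTP POST binding, base64-encoded XML
        root = _parse(base64.b64decode(form["SAMLResponse"]).decode("utf-8"))
        if root.tag == "{%s}Response" % SAMLP_NS:
            return ("SAML-P", _token_format(root), False)
    return ("unknown", "unknown", False)
```

The third tuple element reflects the statement above that WIF handles WS-Federation but not SAML-P; either protocol may carry a SAML assertion.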

A good overview of both ADFS 2.0 and WIF - Security Talk: Azure Federated Identity Security Using ADFS 2.0. Another good overview, covering Azure AppFabric Access Control Service (ACS) and ADFS 2.0 integration, is here - Access Control Service & ADFS v2.0 Integration.

There are 3rd parties that offer SAML federation capabilities extending WIF, such as Safewhere’s SAML 2.0 for Windows Identity Foundation and Componentsoft's ASP.NET SAML Component - SAML 1.1 & SAML 2 for C#, VB.NET & ASP.NE

A case study of how Microsoft IT used WIF and ADFS to provide federation with 3rd parties - MSIT Showcase Enhancing Federation Services for Internal and External Partners.
