Issuing SAML tokens from an STS using WSE 3.0
I thought for sure I blogged about this ... man, that means this is like 13 days late ... geez. Well, lucky for you we're not going to pull it off the Web anytime soon. Hopefully you heard about it over on Jason's blog. If you have no idea what I'm talking about, let me introduce you to the SAML STS for WSE 3.0 QuickStart. To download it, just join and log in to the workspace - you'll see the link in the Downloads section.
This project is an extension of the Web Service Security guide we released last year. In that guide, there is a brokered authentication design pattern for a Security Token Service (STS). This is a great place to start if you're not familiar with the role of an STS or why you might use one. Unfortunately, we didn't have time to include an implementation pattern for an STS. Well, that's precisely what this project is. Even cooler is the fact that it issues SAML 1.1 tokens. Security Assertion Markup Language (SAML) tokens are extensible XML tokens that offer a high degree of interoperability. For example, we interop tested this QuickStart against the SAML token in the December CTP drop of WCF. SAML is also a nice token because it doesn't require the infrastructure that Kerberos and X.509 do, and it's capable of much more than the Username token ... specifically, you can sign and encrypt with it too.
I'll drill into the interesting parts of the code in a later post, but before I sign off, I should mention that the ZIP file contains more than just the QuickStart sample code. It also contains the implementation pattern, a design document, and (of course) installation instructions. Check it out ... I think you'll learn a lot.