Can Geneva Server Beta 2 produce SAML 2.0 token type under WS-Federation passive?

Hi,

I know Geneva Server in the Relying Party role can consume SAML 2.0-protocol. The tokens are, however, converted to SAML 1.1 tokens under WS-Federation passive from the Relying Party to any Relying Parties that might trust the Geneva Server. Is there any way for me to run SAML 2.0-tokens under WS-Federation passive? This works just fine in Geneva Framework, but I haven't found a switch anywhere in Geneva Server for it.

Thanks,
Jesper Hvid

Geneva Server doesn't support emitting SAML2 tokens in the WS-Federation protocol. Do you have a scenario that needs support for SAML2 tokens in the WS-Federation profile?

Colin Dellow - MSFT
OK, thanks.

We have a solution running with a Geneva Framework Passive STS producing SAML 2.0-tokens and at some point in time we'd like to move it to Geneva Server. The token format is SAML 2.0 for political (read: non-logical) reasons.

Does Geneva support SAML 2.0 protocol in the Identity Provider role, e.g. producing SAML 2.0 tokens through SAML 2.0-protocol, or does it only consume it?
Jesper Hvid
Thanks for the input - I'll raise the idea of having a switch to enable emitting SAML2 tokens with WS-Fed with the product team.

Yes, Geneva supports SAML 2.0 protocol in the Identity Provider role. The Beta 2 bits have limited support -- SP-initiated authentication only -- but the final bits will be conformant with the SAML IdP Lite profile and support IdP-initiated authentication and single logout.
  • Marked As Answer by Jesper Hvid Sunday, August 09, 2009 12:22 PM
Colin Dellow - MSFT
Check out this one: NetXtremeSaml for SAML v1.1 and NetXtremeSaml2 for SAML v2.0.

Thanks, but I'm not interested in any third party libraries. There are plenty around that can do that. I want the support in Geneva Server.
Jesper Hvid
