Comments for Zulfiqar's weblog

Comment on ExtractSAMLAssertion by zamd

zamd — Tue, 21 Feb 2012 11:57:45 +0000

EncryptedKeyResolver should do that job.

Comment on Deploying Umbraco to Windows Azure by zamd

zamd — Tue, 21 Feb 2012 11:16:12 +0000

4.7.1

Comment on Deploying Umbraco to Windows Azure by mischievousOne

mischievousOne — Thu, 16 Feb 2012 21:39:39 +0000

Which version of Umbraco?

Comment on ExtractSAMLAssertion by CRudolphi

CRudolphi — Mon, 13 Feb 2012 14:55:01 +0000

Hi Zulfiqar,
Thanks for posting very useful information.
I’m using WIF with ACS2.0. I’ve tried your approach but found that I had to pass the InnerXml instead of the OuterXml in this line of code:
var sr = new StringReader(token.TokenXml.OuterXml);
when using the OuterXML, the TokenHandler complained about the XML not being positioned on an EncryptedData element. Otherwise, works great!

One question for you: If one wanted to support that the STS might have used one of several certificates to encrypt the token (say because of certificate expiration you wanted to allow for some operational grace period in which it might be possible that the STS would use either an older or a newer certificate); would it become the responsibility of the EncryptedKeyResolver to identify which certificate was used (from the KeyIdentifierClause)? Or would one simply add multiple EncryptedSecurityTokenHandlers to the token handling collection?

Comment on Web Services Federation with ACS v2 by zamd

zamd — Wed, 25 Jan 2012 18:45:57 +0000

Hi Dan,

IssueToken endpoint accepts a SAML token issued by a trusted issuer. You can add your custom SAML issuer’s(aka STS) signing cert to ACS to establish the required trust relationship.

HTH,
Zulfiqar

Comment on DataContract Serializer and IsReference property by C# | Pearltrees

C# | Pearltrees — Tue, 24 Jan 2012 19:47:22 +0000

[...] DataContract Serializer and IsReference property « Zulfiqar's weblog [...]

Comment on DataContract Serializer and IsReference property by SKETSA

SKETSA — Mon, 23 Jan 2012 00:21:40 +0000

SKETSA…

[...]DataContract Serializer and IsReference property « Zulfiqar's weblog[...]…

Comment on Web Services Federation with ACS v2 by Dan

Dan — Wed, 18 Jan 2012 15:12:27 +0000

Hi! This is a great post. It really helps how you go through all the steps as if one is figuring stuff out and getting errors along the way.

What sort of tokens does the IssuedToken endpoint accept? If Google, LiveID, or Yahoo offered active endpoints, I assume one could then use this IssuedToken endpoint to feed in the token to get a transformed ACS token. To my knowledge I don’t think they offer active endpoints.

Will the IssedToken endpoint accept any token that is signed with a symmetric key that is specified in the ACS portal? If so (or if not), how would it be possible to solely use WS-Trust (not web-based federation), take some Google credentials, for example, and end up with a good valid wholesome ACS token?

Comment on DataContract Serializer and IsReference property by implantar crm

implantar crm — Fri, 23 Dec 2011 23:16:05 +0000

implantar crm…

[...]DataContract Serializer and IsReference property « Zulfiqar's weblog[...]…

Comment on Forms Auth & Federated Security (part 2) by zamd

zamd — Fri, 23 Dec 2011 15:58:06 +0000

Hi,
When there isn’t enough information on how to acquire a token (e.g. STS binding or URL is missing), the IssueTokenProvider launches the CS selector and asks it for token issuance. Please make sure required information is passed to IssuedSecurityTokenProvider….