I m trying to get my head around all the claims based windows identity foundation magic.
Assuming I don t want to use ADFS, one thing that isn t clear to me is whether its best to roll your own STS using WIF to do some of the hard work or to rely on a third party.
And if it is the third party option - what third party STS s are there
It all depends where your authentication information is of course. If you aren t using AD, but are using something else then it s up to that provider to supply an STS.
If all you want is something database driven, well there are a few out there, and it depends on what development platform you re happiest with when you come to customise it.
If you re using .NET then you could use the StarterSTS as a starting point (no pun intended).
Safewhere*Identify is a third-party STS built on WIF, but supporting additional protocols and with a more pluggable architecture than ADSF2.
Full Disclosure: I work for Safewhere and am heavily involved in both architecting and developing the product.
You should never roll your own STS (if you can avoid it). Creating an STS suited for a developer demo is trivial, but a world-class, enterprise caliber STS is no small undertaking. Besides ADFS and Safewhere s STS (which Mark mentioned), the following products include an STS (or they say they support WS-Trust which implies this):
Also, the Java framework Metro is like WCF + WIF. It has everything you need to create an STS, which you shouldn t do; if, however, you evaluate those products and find that they won t satisfy your needs, rolling your own is your only option.
Travis,
Many of the products you listed are familiar to me from the IdM space. Especially Novell and Oracle...but most of these are either an entire stack or parts of a suite. And all of them will require an identity store and authentication services, right?
For example, to use Novell or Oracle or Ping, you would still need to implement a directory or some other user store, authenticate the users somehow (IWA or login page using a service provided by the product, for instance) and then federate that user to the WIF based RP, right?
How would you suggest comparing these suggestions to an do-it-yourself ADFS implementation?
The reason I ask...
We have already build a core framework and product set based on claims, using WIF to consume those claims. We are now looking at deploying ADFS as an STS, and want to step back first and consider if there is a way to accelerate a real prod deployment. We have been using the starterSTS until now...
We need to support several options for authentication: 1) IWA into the RP using our internal AD for users within our enterprise 2) provide a way for our customer s users to login using users we own and control as their IDP (assuming a new directory for them, seperate from our internal AD), and 3) external IDPs where our customers authenticate the users and federate into us.
Option 2 is something we need some authentication service for...so since we can not get away with 100% federated SSO with external IDPs, any third party option must include authentication services.
I looked briefly at the the safewhere site and didn t see any usable details about an STS alternative working with WIF. I see some federation product(s) and a WAM product...what exactly do they offer as an STS?
Thanks for any input you might have.
As a learning experience I recently tried implementing Quicksort with 3 way partitioning in C#. Apart from needing to add an extra range check on the left/right variables before the recursive call, ...
I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...
I have two EF entities. One has a property called HouseNumber. The other has two properties, one called StartHouseNumber and one called EndHouseNumber. I want to create a many to many association ...
I m using decimal type (.net), and I want to see if two numbers are equal. But I only want to be accurate to 10 decimal places. For example take these three numbers. I want them all to be equal. 0....
I m creating an STA version of the SynchronizationContext for use in Windows Workflow 4.0. I m wondering what to do about exceptions when Post-ing callbacks. The SynchronizationContext can be used ...
I ve got some code which sets up a datacontext. Often enough, the datacontext should be set to some underlying data collection, such as an ObservableCollection - but occasionally I d like to set it ...
I am building an application with C#. I managed to turn this into a single instance application by checking if the same process is already running. Process[] pname = Process.GetProcessesByName("...
NOTE I have asked the related question (with an accepted answer): How to combine DataTrigger and Trigger? I think I need to combine an EventTrigger and a DataTrigger to achieve what I m after: when ...
