WCF service consuming passively issued SAML token

Posted by Neillyboy on Stack Overflow See other posts from Stack Overflow or by Neillyboy
Published on 2010-05-20T09:57:38Z Indexed on 2010/05/20 10:00 UTC
Read the original article Hit count: 314

Filed under:
|
|

What is the best way to pass an existing SAML token from a website already authenticated via a passive STS?

We have built an Identity Provider which is issuing passive claims to the website for authentication. We have this working. Now we would like to add some WCF services into the mix - calling them from the context of the already authenticated web application. Ideally we would just like to pass the SAML token on without doing anything to it (i.e. adding new claims / re-signing). All of the examples I have seen require the ActAs sts implementation - but is this really necessary? This seems a bit bloated for what we want to achieve.

I would have thought a simple implementation passing the bootstrap token into the channel - using the CreateChannelActingAs or CreateChannelWithIssuedToken mechanism (and setting ChannelFactory.Credentials.SupportInteractive = false) to call the WCF service with the correct binding (what would that be?) would have been enough.

We are using the Fabrikam example code as reference, but as I say, think the ActAs functionality here is overkill for what we are trying to achieve.

© Stack Overflow or respective owner

Related posts about WIF

Related posts about wcf