Geeks With Blogs
Yossi Dahan Geneva
RoleClaimsMapper for the Geneva Framework
Briefly back on my STS work - Our STS implementation can already replace the authentication implementation of most of our applications; naturally we can’t do that just yet, given that the Geneva-framework has not been released yet, but all of my tests are quite positive so we’re just waiting for the opportunity to start using it. However, so far, we were not in a position to replace the authorisation mechanism, not easily anyway, and that’s something that was on my list for some time now. The STS ......

Posted On Wednesday, April 1, 2009 8:34 AM

Supporting both active and passive scenarios in my STS
In a comment on a previous blog post Travis Spencer asked: "Can you explain more about how you implemented an STS that supports both active and passive scenarios?" So here’s how - To start with – I’ve implemented my STS class with all the logic I needed; this was done as a class library with several classes – my STS implementation, my STS-Configuration class, an STS service factory, my custom WindowsUserNameSecurityToke... implementation and all the classes I needed to support my custom configuration ......

Posted On Sunday, February 15, 2009 10:57 AM

Never thought Url would be case sensitive
Working on my Geneva Framework based STS scenario I’ve stumbled into a very weird and annoying case whereby if the user typed a URL in the wrong case (compared to the case of the V-Dir) the browser would enter a circular redirect between the STS and the RP. I’ve started a forum thread, which you can find here, that got answered by Peter Kron from MS, through which I’ve learnt that the path portion of a cookie is case sensitive; you can find this in this RFC spec as well (read 3.3.3) - …the old ......

Posted On Tuesday, December 16, 2008 2:27 PM

Geneva-based passive STS and .net 2.0 web applications
Over the last few weeks I’ve been working on implementing a Geneva Framework based STS that supports both active and passive scenarios. This is progressing very well and I already have a fairly solid PoC running for both scenarios. Generally, to make any web site participate in the federated identity “dance” all it takes is some configuration on the application’s web.config (separate post coming shortly), but up until today I have only done so for web applications developed as a .net 3.5 project. ......

Posted On Thursday, December 4, 2008 9:24 AM

Configuring the Geneva Framework based STS to work with custom UserNamePasswordValidator
It took me a little while (and quite a bit of help from others on this thread) to get to a relatively simple implementation, so I thought I’d summarise the steps I’ve taken – At the risk of stating the obvious I would definitely recommend making sure the overall STS scenario works well using Windows authentication before changing it to support custom authentication. Once that’s done, change the STS’ bindings’ clientCredentialType to UserName and the establishSecurityContext to false. <ws2007HttpBinding> ......

Posted On Tuesday, November 25, 2008 10:17 AM

From "Zermatt" to the "Geneva Framework" part II
A couple of days ago I posted about the changes I've had to make to allow my custom STS to work with the updated Geneva framework. There's one more, quite crucial, change that I had to make, which I will try to describe next - If my understanding is correct (and unfortunately there's every chance in the world that it is not, so if you know otherwise please do comment) the October Geneva SDK has tightened security a little bit around token validation. I believe that the previous version of the SDK, ......

Posted On Thursday, November 6, 2008 9:57 AM

From "Zermatt" to the "Geneva Framework"
I have already mentioned that Zermatt has been renamed as the "Geneva Framework", which makes total sense. At PDC Microsoft have released a new download for the "Geneva Framework", which I have downloaded today to check some of my code against. While not at all an extensive list, here are the changes I had to make to my code to get it to work with the updated framework - On the STS: The SecureTokenService class, which is the base class for any STS implementation, has moved to the main Microsoft.IdentityModel ......

Posted On Tuesday, November 4, 2008 7:35 PM

Copyright © Yossi Dahan