Thursday, April 3, 2014

Designing claims-based tokens using Security Assertion Markup Language(SAML)

The Security Assertion Markup Language (SAML) specification is an open security standard envisioned by Organization for the Advancement of Structured Information Standards (OASIS) Technical Committee for the exchange of security context across service boundaries. The SAML tokens are XML-based (can be transmitted using SOAP/HTTP) and provide a way of implementing claims-based identity that is particularly useful in interoperable scenarios across the identity providers and the service providers.

Following example shows how to create the SAML security tokens using the System.IdentityModel assembly in .NET Framework 4.0.

    Create a new Visual C# Console Application project in Visual Studio
  1. Create a new Visual C# Console Application project in Visual Studio
  2. Add a reference to System.IdentityModel and System.ServiceModel assembly
  3. Open the Program.cs file, and include the System.IdentityModel.Claims, System.IdentityModel.Tokens, System.ServiceModel   and the System.Security.Principal namespaces.
  4. Before we can create SamlSecurityToken, we need to create an instance of the SamlAssertion object that holds the claims information abstracted from the current windows identity. We will write a private static method that accepts a collection of the Claim objects and returns a SamlAssertion object.


  5. Note that SAML v1.1 specification puts a restriction that only resources identifiable by a named string can be used as a SamlAttribute value. In our example, we are using a helper method to translate SecurityIdentifier into readable NTAccount named permissions:


  6. Now, In main method create instance of SamlSecurityToken using the SamlAssertion instance returned from the method “CreateSamlAssertionFromWindowsIdentityClaims()”.


  7. Now Run the program and put debugger on token generation line to see the token.