SAML 2.0 implementation in .NET, which library to use


We are about to implement support for SAML 2.0 in our company and we have been going through a long list of libraries (from Wikipedia) that would allow us to implement such identification for our systems more practically (us being the Service Provider).

I recently found out that .NET 4.5 comes with native support for SAML 2.0 through WIF (Windows Identity Foundation). However, given the native support in .NET, should we consider using a popular third-party library such as ComponentSpace (or anything better perhaps)? Are there any benefits in regard to ease of use, broader settings, flexibility or documentation?

2

There are 2 best solutions below

4

Have a look at SAML : SAML connectivity / toolkit and the links in it.

Having used ComponentSpace, it works and has a good selection of samples and the cost is pretty reasonable.

Obviously, commercial = support.

Not sure about your use case but you could possibly install ADFS and then go:

ASP.NET --> WS-Fed (WIF) --> ADFS --> SAML --> IP.

0

WIF doesn't support SAML (the protocol). It supports WS-Fed with SAML tokens. If you really want to go down the SAML (protocol) route, you need to use some other library like ComponentOne's.

TL;DR: WIF, at least theoretically, can do SAML-P too if you extend it. Microsoft wrote this extension as a "preview" in 2011, but has not updated it since. You can do it too using the WIF extension model. Most people I know have better things to do though :-).

In general, I would recommend going with a lighter-weight, syntactically simpler protocol like OpenID Connect. There are plenty of libraries out there that are easy to use and simpler to debug and troubleshoot.