StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POHow to process saml:Assertion in WCF?
primarykey
Id
13870229
data
AcceptedAnswerId
13896963
AnswerCount
2
ClosedDate
CommentCount
2
CommunityOwnedDate
CreationDate
2012-12-13T23:16:15.957
FavoriteCount
0
LastActivityDate
2012-12-20T23:34:44.597
LastEditDate
2012-12-20T23:34:44.597
LastEditorUserId
80516
OwnerUserId
80516
ParentId
0
PostTypeId
1
Score
1
ViewCount
2615
LastEditorDisplayName
text
Body
New to WCF, but very familiar with past WSE* paradigms. I'm finding the configurability (read: complexities) of WCF to be quite a challenge. I'm attempting to use a .NET 4.0 WCF Client to consume a web service provided by our government which runs on WebSphere Application Server/6.1. Their scheme uses a UsernameToken to authenticate and exchange for a SAML Assertion over HTTPS transport encryption. This SAML Assertion is used for the remainder of the opertations with their services. When attempting to "Login" (i.e. acquire the SAML Assertion), I'm getting the following exception from WCF when it attempts to process the return SOAP: "Cannot find a token authenticator for the 'System.IdentityModel.Tokens.SamlSecurityToken' token type. Tokens of that type cannot be accepted according to current security settings." Here's my settings file: <pre><code><system.serviceModel> <client> <endpoint binding="basicHttpBinding" bindingConfiguration="Default" contract="ServiceProxy.Login" name="Login" /> </client> <bindings> <basicHttpBinding> <binding name="Default"> <security mode="TransportWithMessageCredential"> <transport clientCredentialType="None"/> <message clientCredentialType="UserName" /> </security> </binding> </basicHttpBinding> </bindings> </system.serviceModel> </code></pre> Here's the SOAP request: <pre><code><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <s:Header>  <ActivityId CorrelationId="c9363270-1b33-4ffe-90b0-427feebcebf6" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">cadd6a3c-7b36-46eb-9130-390227effc08</ActivityId> <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <u:Timestamp u:Id="_0"> <u:Created>2012-12-13T22:50:22.308Z</u:Created> <u:Expires>2012-12-13T22:55:22.308Z</u:Expires> </u:Timestamp> <o:UsernameToken u:Id="uuid-91607d82-da2c-4004-93b6-baf5973ba057-1"> <o:Username>  </o:Username> <o:Password>  </o:Password> </o:UsernameToken> </o:Security> </s:Header> <s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <LoginRequest xmlns="http://snipped.url/Services.xsd"></LoginRequest> </s:Body> </s:Envelope> </code></pre> And here's the response that makes WCF choke: <pre><code><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header>  <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" s:mustUnderstand="1"> <saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="id-94ef81a2eba3b246e284f72c3313e32ababe9482" IssueInstant="2012-12-13T22:50:23.930Z" Issuer="http://www.forumsys.com/sentry" MajorVersion="1" MinorVersion="1"> <saml:Conditions NotBefore="2012-12-13T22:50:23.930Z" NotOnOrAfter="2012-12-14T08:50:23.930Z"></saml:Conditions> <saml:AuthenticationStatement AuthenticationInstant="2012-12-13T22:50:23.930Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"> <saml:Subject> <saml:NameIdentifier>  </saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:SubjectLocality>  </saml:SubjectLocality> </saml:AuthenticationStatement> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier>  </saml:NameIdentifier> <saml:SubjectConfirmation> <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod> </saml:SubjectConfirmation> </saml:Subject> <saml:Attribute AttributeName="SMSESSION" AttributeNamespace="http://www.forumsys.com/sentry"> <saml:AttributeValue>  </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement> </saml:Assertion> <u:Timestamp xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" u:Id="_0"> <u:Created>2012-12-13T22:50:22.308Z</u:Created> <u:Expires>2012-12-13T22:55:22.308Z</u:Expires> </u:Timestamp> <o:UsernameToken xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" u:Id="uuid-91607d82-da2c-4004-93b6-baf5973ba057-1"> <o:Username>  </o:Username> <o:Password>  </o:Password> </o:UsernameToken> </o:Security> </soapenv:Header> <soapenv:Body> <wn1:LoginResponse xmlns:wn1="http://snipped.url/Services.xsd"> <wn1:Status>session counter updated</wn1:Status> </wn1:LoginResponse> </soapenv:Body> </soapenv:Envelope> </code></pre> The above response is a successful response and matches prior versions running on WSE2/3 (which for other reasons I'm unable to use going forward). How do I get WCF to acknowledge the above response as valid? Or perhaps just to get it to ignore the fact that it can't parse it and I can manually parse it perhaps. I'm stumped! UPDATE #1: I started to go down the Custom Client credentials route. This seemed promising, if a bit complicated. If you want to go this route... 1) See MS article series here: <a href="http://msdn.microsoft.com/en-us/library/ms730868(v=vs.100).aspx" rel="nofollow">http://msdn.microsoft.com/en-us/library/ms730868(v=vs.100).aspx</a> 2) Also see WCF Samples WCF\Extensibility\Security\SamlTokenProvider. 3) Blog post using this method: <a href="http://bronumski.blogspot.com/2011/11/this-has-been-hanging-around-in-my.html" rel="nofollow">http://bronumski.blogspot.com/2011/11/this-has-been-hanging-around-in-my.html</a> This should allow you to use SAML Assertions without WIF. UPDATE #2: See my answer and ultimate solution below.
Tags
<.net><wcf><wcf-security>
Title
How to process saml:Assertion in WCF?
singulars
PostAcceptedAnswerId
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
PostParentId
1. This table or related slice is empty.
PostTypePostTypeId
1. PTQuestion
UserLastEditorUserId
1. USwes
UserOwnerUserId
1. USwes
plurals
PostLinksPostIdRelatedPostId
1. This table or related slice is empty.
PostLinksRelatedPostIdPostId
1. This table or related slice is empty.
PostsAcceptedAnswerId
1. This table or related slice is empty.
PostsParentIdCreationDate
1. PO
 singulars
 PostTypePostTypeId
 PTAnswer
2. PO
 singulars
 PostTypePostTypeId
 PTAnswer
VotesPostIdCreationDate
1. This table or related slice is empty.
CommentsPostId
1. COYou should add your solution as an answer, so that you can get upvotes, and so that future readers can find it more easily.
 singulars
 PostPostId
 POHow to process saml:Assertion in WCF?
 UserUserId
 USJohn Saunders
2. COHmmm. Technically Yaron gave the answer, which I accepted, I just detailed the final solution in my OP. If I do what you suggest, wouldn't that apply the points to me instead of Yaron? (Not very familiar with how SO does that)
 singulars
 PostPostId
 POHow to process saml:Assertion in WCF?
 UserUserId
 USwes

Querying!

Guidance

A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.