December 2009 Archives

A couple of weeks ago, I uploaded an animated PowerPoint presentation showing how the SAML and WS-Federation protocols work.  I thought this format would also be helpful to see how Single Sign-On (SSO) works.  It may be obvious to many, but it wasn't to me at first.  So, I hope that this presentation will prove useful to others who are also learning about federation.

The PowerPoint deck is available in my stash.  As always, please post a comment or drop me a line if you have any thoughts or questions.

With the impending release of ADFS, all Microsoft shops will soon have a very powerful tool for establishing federation relationships with their partners using the SAML protocol.  To do so, many of these organizations will require the use of SAML, not WS-Federation (especially in industries where federation has broad adoption).  Support for SAML is new in version two of ADFS, so many experienced ADFS administrators or developers are new to the protocol.  I was, so I went digging in the standards to try to figure things out.

The standards are surprisingly easy to read, but, if you're a visual learner, you'd probably rather watch paint dry than read them.  For this reason, I've put together a PowerPoint slide deck that uses animations to demonstrate the various profiles defined by SAML 1 and SAML 2.  I've also compared it to the way in which I've typically seen WS-Federation implemented.  At the end, I have some suggestions on how to pick the appropriate profile.

You can get the deck from my stash.  If you have feedback or find mistakes, please post a comment or drop me a line.