January 2011 - Posts
When you’re working on Web SSO integration, it’s often helpful to decode the tokens that the browser carries between the participants in the trust (RP, STS, and so on).
With SAML tokens the encoding depends on the binding: in a POST body (HTTP-POST binding) the token is simply base64 encoded; in a query string (HTTP-Redirect binding) it is DEFLATE-compressed, then base64 encoded, then URL encoded, so decoding has to undo those steps in reverse order.
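As an added example (not the WinForms tool from this post), here is the same decode in Python for both bindings, plus the encode side so the round trip can be checked. The sample response and its issuer URL are constructed placeholders; the function names are my own.

```python
import base64
import urllib.parse
import xml.etree.ElementTree as ET
import zlib
from typing import Optional, Tuple

# Constructed sample message; not a real token, and the issuer URL is a placeholder.
SAMPLE_XML = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed" Version="2.0">'
    '<saml:Issuer>https://sts.example.test/adfs/services/trust</saml:Issuer>'
    '</samlp:Response>'
)


def encode_post(xml: str) -> str:
    """HTTP-POST binding: the SAMLResponse form field is plain base64 of the XML."""
    return base64.b64encode(xml.encode("utf-8")).decode("ascii")


def encode_redirect(xml: str) -> str:
    """HTTP-Redirect binding: raw DEFLATE (no zlib header or checksum),
    then base64, then URL-encode for the query string."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # wbits -15 = raw deflate stream
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    return urllib.parse.quote(base64.b64encode(deflated).decode("ascii"), safe="")


def decode_saml(value: str) -> Tuple[str, str]:
    """Undo either binding and return (binding, xml).
    The steps run in reverse: URL-decode (a no-op if the value was never URL-encoded),
    base64-decode, then raw-inflate unless the bytes are already XML."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    if raw.lstrip().startswith(b"<"):
        return "HTTP-POST", raw.decode("utf-8")
    try:
        return "HTTP-Redirect", zlib.decompress(raw, -15).decode("utf-8")
    except zlib.error as exc:
        raise ValueError("neither base64 XML nor deflated SAML: %s" % exc)


def issuer_of(xml: str) -> Optional[str]:
    """Pull the Issuer out of a decoded Response or Assertion."""
    root = ET.fromstring(xml)
    el = root.find(".//{urn:oasis:names:tc:SAML:2.0:assertion}Issuer")
    return el.text if el is not None else None
```

The raw-deflate detail (negative window bits) is the usual stumbling block: a Redirect-binding payload has no zlib header, so a plain `zlib.decompress` fails on it. Only look at the decoded XML for diagnosis; it says nothing about whether the signature is valid.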
I always end up putting together some simple tool that does this for me, so this is an effort to make it more permanent.
It’s a simple WinForms application targeting .NET Framework 4.0.

Download
Along with the release of WebMatrix announced here:
http://blogs.msdn.com/b/webplatform/archive/2011/01/12/webmatrix-shipping-january-13-2011.aspx
A slew of dependencies were released as well. Downloading WebMatrix installs them through the new release of the Web Platform Installer (3.0).
You also get IIS 7.5 Express for hosting the WebMatrix projects.
And, to top it off, the Microsoft Web Deploy 2.0 tool.
The ASP.NET updates include the Visual Studio 2010 tooling update, which adds the MVC 3 project templates and, under Web Sites, a template for ASP.NET Web Site (Razor).
There’s no doubt that certificate management, when you haven’t futzed with it for some time, is a fun time…
Raffaele Rialdi has the start of what looks like a promising tool for managing and deploying certificates for WCF services, along with a number of other deployment tasks.
http://www.iamraf.net/Tools/DeployManager-first-release-certificates-management
http://microsoft.com/showcase/en/us/details/b70adae9-a01d-4b09-9fe9-69b041563640
An Introduction to the Claim Rule Language
Watch this video to see Stuart Kwan (Group PM for the Federated Identity product team at Microsoft) introduce the concepts of the Claim Transformation (Rule) Language used in "Geneva" Server Beta 2. Please leave a comment on the TechNet page to let us know what you think (click Windows Server logo to visit the guide). Thank you for watching! – The Federated Identity Documentation Team
I spent way too many hours on this one. I was going through the full configuration of ADFS v2 with WCF active client scenarios using self-generated certificates, and had everything lined up perfectly. Using the certificate snap-in, I just copied the thumbprint into the IdentityModel section (trusted issuers) of my service config.
var one = "ecb8fd950978d94ae21d4f073227fdc2718bdb96";
var two = "ecb8fd950978d94ae21d4f073227fdc2718bdb96";
It turned out that the first string has an invisible character buried in it: U+200E LEFT-TO-RIGHT MARK, which is the byte sequence E2 80 8E in UTF-8, picked up when copying the thumbprint from the certificate snap-in. The two literals look identical above precisely because the mark does not render. The service did the right thing and rejected the token, since the configured thumbprint no longer matched any issuer; it just did so without saying why.
Two lessons: turn on tracing sooner, and don’t always trust copy and paste. I ended up creating a quick issuer name registry class so I could debug, and finally saw the issue. Note that the override below returns whatever thumbprint the presented certificate carries instead of checking it against the trusted issuers list, so it accepts any issuer; it is for debugging only and must not ship.
using System.IdentityModel.Tokens;      // SecurityToken, X509SecurityToken
using System.Xml;                       // XmlNodeList
using Microsoft.IdentityModel.Tokens;   // ConfigurationBasedIssuerNameRegistry (WIF 1.0 SDK)

namespace MyService
{
    // Debug-only registry: returns the presented certificate's thumbprint instead of
    // comparing it with the <trustedIssuers> entries, which is what the base class does.
    public class IssuerValidator : ConfigurationBasedIssuerNameRegistry
    {
        public IssuerValidator() : base()
        {
        }

        public IssuerValidator(XmlNodeList xml) : base(xml) { }

        public override string GetIssuerName(SecurityToken securityToken)
        {
            X509SecurityToken token = securityToken as X509SecurityToken;
            if (token == null)
            {
                // WIF treats any non-empty name as "trusted". This placeholder is only for
                // stepping through in the debugger; a real registry returns null here so
                // that the token is rejected.
                return "who cares";
            }
            else
            {
                // Break here and compare this value, character by character, with the
                // thumbprint in the config file.
                return token.Certificate.Thumbprint;
            }
        }
    }
}
I do have a utility I wrote to navigate the certificate store and emit the thumbprint to avoid these issues; I just didn’t have it available on my machine at the time.
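As an added example (neither the utility mentioned above nor WIF code), here is a small Python checker that catches this class of paste problem before a thumbprint goes into config: it drops the separators the Windows snap-in and OpenSSL display (spaces and colons), reports every other non-hex character by Unicode name so an invisible one shows up in a log, checks the length, and compares thumbprints in constant time. The `PASTED` value is constructed to reproduce the post's paste, the thumbprint from the post with a U+200E in front of it; the function names are my own.

```python
import hmac
import unicodedata
from typing import List, Tuple

HEX_DIGITS = frozenset("0123456789abcdefABCDEF")
SEPARATORS = frozenset(" :")  # MMC shows "ec b8 ...", OpenSSL shows "EC:B8:..."

# Constructed: the thumbprint from the post preceded by U+200E LEFT-TO-RIGHT MARK,
# which is what the certificate snap-in put on the clipboard.
PASTED = "\u200eecb8fd950978d94ae21d4f073227fdc2718bdb96"
TYPED = "ecb8fd950978d94ae21d4f073227fdc2718bdb96"


def audit_thumbprint(value: str) -> Tuple[str, List[Tuple[int, str, str]]]:
    """Return (normalized lowercase hex, rejected characters).
    Each rejected entry is (index, 'U+XXXX', Unicode name), so an invisible
    character is reported by name instead of as nothing."""
    clean: List[str] = []
    rejected: List[Tuple[int, str, str]] = []
    for i, ch in enumerate(value):
        if ch in HEX_DIGITS:
            clean.append(ch.lower())
        elif ch in SEPARATORS:
            continue
        else:
            rejected.append((i, "U+%04X" % ord(ch), unicodedata.name(ch, "<unnamed>")))
    return "".join(clean), rejected


def normalized_thumbprint(value: str) -> str:
    """Fail closed: raise on any stray character or on a length that is neither
    SHA-1 (40 hex digits) nor SHA-256 (64). Run this when the config is loaded,
    not when the first token arrives."""
    clean, rejected = audit_thumbprint(value)
    if rejected:
        raise ValueError("thumbprint contains non-hex characters: %r" % (rejected,))
    if len(clean) not in (40, 64):
        raise ValueError("thumbprint has %d hex digits, expected 40 or 64" % len(clean))
    return clean


def is_valid_thumbprint(value: str) -> bool:
    """True if normalized_thumbprint() would accept the value."""
    try:
        normalized_thumbprint(value)
        return True
    except ValueError:
        return False


def thumbprints_match(configured: str, presented: str) -> bool:
    """Compare two thumbprints after normalization, in constant time."""
    return hmac.compare_digest(normalized_thumbprint(configured), normalized_thumbprint(presented))


if __name__ == "__main__":
    print(audit_thumbprint(PASTED))
    print(is_valid_thumbprint(PASTED), is_valid_thumbprint(TYPED))
```

Rejecting rather than silently stripping unknown characters is deliberate: a loader that quietly discards the mark would have hidden the problem in the post just as well as the trace-less failure did, and a thumbprint that differs from the configured one by any character must never match.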