{"id":1150,"date":"2010-07-12T17:11:50","date_gmt":"2010-07-13T01:11:50","guid":{"rendered":"\/?p=1150"},"modified":"2015-01-04T16:40:19","modified_gmt":"2015-01-04T22:40:19","slug":"southworks-seeds-open-source-claims-transformer","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1150","title":{"rendered":"Southworks seeds open source claims transformer"},"content":{"rendered":"

Reading Matias Woloski's blog<\/a> I\u00a0see that\u00a0Southworks <\/a>has put\u00a0its\u00a0work bridging\u00a0OpenID and WS-Federation into an open source project<\/a>\u00a0(download here<\/a>).\u00a0\u00a0\u00a0 This is a great move.\u00a0 He also shows some screen shots that give a good\u00a0feel for\u00a0what was involved in the Medtronics proof of concept described here<\/a>.\u00a0\u00a0Matias writes:<\/p>\n

A year ago I wrote a blog post<\/span><\/a> about how to use the Windows Identity Foundation with OpenID. Essentially the idea was writing an STS that can speak both protocol WS-Federation and OpenID, so your apps can keep using WIF as the claims framework, no matter what your Identity Provider is. WS-Fed == enterprise, OpenID == consumer\u2026<\/p>\n

Fast forward to May this year, I\u2019m happy to disclose the proof of concept we did with the Microsoft Federated Identity Interop group (represented by Mike Jones<\/span><\/a>), Medtronic<\/span><\/a> and PayPal<\/span><\/a>. The official post from the Interoperability blog<\/span><\/a> includes a video about it<\/span><\/a> and Mike also did a great write up<\/span><\/a>…<\/p>\n

The business scenario brought by Medtronic is around an insulin pump trial. In order to register to this trial, users would login with PayPal, which represents a trusted authority for authentication and attributes like shipping address and age for them. Below are some screenshots of the actual proof of concept:<\/p>\n

\"image\"<\/a><\/p>\n

\"image\"<\/a><\/p>\n

\"image\"<\/a><\/p>\n

\"image\"<\/a><\/p>\n

While there are different ways to solve a scenario like this, we chose to create an intermediary Security Token Service that understands the OpenID protocol (used by PayPal), WS-Federation protocol and SAML 1.1 tokens (used by Medtronic apps). This intermediary STS enables SSO between the web applications, avoiding re-authentication with the original identity provider (PayPal).<\/p>\n

Also, we had to integrate with a PHP web application and we chose the simpleSAMLphp<\/a> library. We had to adjust here and there to make it compatible with ADFS\/WIF implementation of the standards. No big changes though.<\/p>\n

We decided together with the Microsoft Federated Identity Interop team to make the implementation of this STS available under open source using the Microsoft Public License<\/a>.<\/p>\n

And not only that but also we went a step further and added a multi-protocol capability to this claims provider. This is, it\u2019s extensible to support not only OpenID but also OAuth and even a proprietary authentication method like Windows Live.<\/p>\n

\"image\"<\/a><\/p>\n

\u00a0<\/p>\n

\u00a0<\/p>\n

DISCLAIMER<\/strong>: This code is provided as-is under the <\/em>Ms-PL license<\/em><\/a>. It has not been tested in production environments and it has not gone through threats and countermeasures analysis. Use it at your own risk.<\/em><\/em><\/em><\/p>\n

Project Home page
\n<\/strong>http:\/\/github.com\/southworks\/protocol-bridge-claims-provider<\/a><\/p>\n

Download
\n<\/strong>http:\/\/github.com\/southworks\/protocol-bridge-claims-provider\/downloads<\/a><\/p>\n

Docs
\n<\/strong>http:\/\/southworks.github.com\/protocol-bridge-claims-provider<\/a><\/p>\n

If you are interested and would like to contribute, ping us through the github page, twitter @woloski or email matias at southworks dot net<\/p>\n

This endeavor could not have been possible without the professionalism of my colleagues: Juan Pablo Garcia<\/a> who was the main developer behind this project, Tim Osborn<\/a> for his support and focus on the customer, Johnny Halife<\/a> who helped shaping out the demo in the early stages in HTML :), and Sebastian Iacomuzzi<\/a> that helped us with the packaging. Finally, Madhu Lakshmikanthan who was key in the project management to align stakeholders and Mike who was crucial in making all this happen.<\/p>\n

Happy federation!<\/p>\n","protected":false},"excerpt":{"rendered":"

With Southworks’ STS your apps can keep using WIF as the claims framework, no matter what your Identity Provider is. WS-Fed == enterprise, OpenID == consumer\u2026<\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[37,19,10,8,22,80],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1150"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1150"}],"version-history":[{"count":2,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1150\/revisions"}],"predecessor-version":[{"id":1406,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1150\/revisions\/1406"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1150"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1150"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1150"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}