How to make ASP.NET application in Windows 2003 Server a SP/Relying-Party to a SAML or WS-* IdP/Asserting party

Question

I've tried the Geneva Framework and gone through the Identity Training Kit. However, after looking in these forums, it seems it won't be supported for deployment in Windows Server 2003. I don't think we'll be able to force any of our clients to upgrade to Windows 2008. Thus it seems I have to consider another solution.

Here are some of the requirements:
- ability to consume HTTP-POST Proffile assestions
- providing the user browser with a standard securitiy tcken to provide session integrity to ASP.NET application

DISCLAIMER: This a new subject area, my question may not even make sense, but I'm hoping someone can point me in the right direction.

ALSO: Hacking the registry to install GENEVA is also not an option (we don't host the deployment enviromnet - and IT at client would not be happy with that)

Answer 1

The Framework is supported on Windows Server 2003:

https://www.connect.microsoft.com/content/content.aspx?ContentID=10101&SiteID=642

So any web applications written using the Geneva Framework will run just fine on Windows Server 2003 SP2.

However, Geneva Server (the STS based on the Framework) is only supported on Windows Server 2008.

Answer 2

Thanks - i somehow didn't see that. So does it mean that i can simply deploy my app with Geneva Framework on Windows Server 2003, and use the fedutil.exe to connect to a partners/idp STS like ADFS or GENEVA Server or Shibboleth etc?

From what I read about the difference between ADFS 1 and Geneva (server/framework) is that it seems you always need ADFS 1 RP in addition to your web application, but Geneva can have the application be a direct RP to the IdP without the need for Geneva Sever. Is this a correct conclusion?

Thanks again.

Answer 3

I am not sure if what you said about ADFSv1 is correct, but if you write a relying party with WIF (Geneva Framework) you do don't need ADFSv2 (Geneva Server), only the framework runtime.