I am happy to announce the “Thinktecture STS Starter Kit” sample. The STS starter kit is a compact, easy to use identity provider that is completely based on the ASP.NET provider infrastructure. It is built using the Geneva framework Beta 2 bits and is a self contained web site with passive and active endpoints (Christian has some screenshots).
The motivation behind writing this sample is twofold. First, writing a custom STS from scratch is not terribly hard – but it is also not a trivial task. In addition the full featured Geneva Server product may not fit your requirements (e.g. because your users are not stored in Active Directory). So a lot of people I spoke to mentioned that it would be nice to have a simple STS that uses membership, roles and profile and that is easy to setup and get going.
The other reason is that starter STS is not terribly complex and could be used as a learning tool on how to write custom token services. You could e.g. replace the provider plumbing with your own libraries while you go.
- active and passive security token service
- supports WS-Federation, WS-Trust 1.3 (message and mixed) and SAML 1.1/2.0 tokens
- based on the standard membership, roles and profile provider infrastructure
- membership provider is used to authenticate users and to provide a name and email claim
- role provider is used for authorization in the web front-end and to provider role claims
- profile provider is used to allow users to supply profile information which gets turned into claims
- easy administration of the provider features using the IIS7 manager
- easy configuration – you don’t have to deal with Geneva or WCF settings directly
- control over security policy (SSL, encryption, SOAP security)
- dynamic web UI to allow users to maintain their profile data
- automatic generation of a WS-Federation metadata document to allow RPs to federate using e.g. FedUtil
To make it even easier for you to setup and start using the STS, I have recorded a screencast that walks you through the installation and setup process. In the following posts I will focus more on on some of the feature areas and explain how they are used and implemented. Have fun!