Monday, June 30, 2014

AD FS 2.0 and Shibboleth 2

Well, the story starts like this. Somehow my boss decided that we should stick to Microsoft technology when it comes to identity federation. And it so happens that AD FS 2.0 can now federate with Shibboleth (it speaks SAML 2.0), albeit with some really get-your-hands-dirty manual tweaks. One of the major pain points is that we need to hand-edit the AD FS metadata XML file before it can be presented to the Relying Party. (If all this sounds like Navajo to you, google Shibboleth; it's an interesting technology.)

Anyway, time passed, and we're almost a year into our production deployment. Now, because of the yearly certificate rollover, we need to rebuild the Shibboleth XML metadata for our Relying Party. Having to hand-edit this once a year is just too risky for a production system, so I decided it was time to put my ASP.NET skills to good use again.

Well, the result is a simple MVC web application that loads the auto-generated metadata from the AD FS default URL (/FederationMetadata/2007-06/FederationMetadata.xml), does some really hackish massaging of it, and spits out well-formed XML metadata that Shibboleth 2.x SPs will happily parse.
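To show what that massaging amounts to, here is an added example (not the a2s project's code, and not from the original post) that performs the edits Shibboleth SP 2.x needs in stock AD FS metadata: dropping the enveloped ds:Signature (it no longer verifies once anything is edited), the WS-Federation RoleDescriptor elements (typed with fed:* via xsi:type, which the SP's schema validation rejects) and the SPSSODescriptor (AD FS acting as an RP, which an SP has no use for), while keeping the IDPSSODescriptor with its signing certificate and endpoints. The sample metadata, hostname and certificate are constructed placeholders, and the exact set of stripped elements is my assumption about what the tool does, not something the post states.

```python
"""Added example: cut AD FS 2.0 FederationMetadata.xml down to what a
Shibboleth 2.x SP will load.  Not the a2s project's code; the element
set stripped below is an assumption about the "massaging" involved."""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)

# Constructed sample in the shape AD FS 2.0 publishes at
# /FederationMetadata/2007-06/FederationMetadata.xml (hostname and
# certificate are placeholders, not real values).
SAMPLE_ADFS_METADATA = """<EntityDescriptor ID="_7f1" entityID="http://adfs.example.local/adfs/services/trust"
    xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <ds:Signature><ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:TargetScopes/>
  </RoleDescriptor>
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <fed:PassiveRequestorEndpoint/>
  </RoleDescriptor>
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.local/adfs/ls/" index="0" isDefault="true"/>
  </SPSSODescriptor>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICplaceholder</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.local/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.local/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Top-level children an SP cannot use (assumed set, see lead-in).
STRIP = {
    f"{{{NS['ds']}}}Signature",        # enveloped signature: invalid once we edit
    f"{{{NS['md']}}}RoleDescriptor",   # WS-Federation roles typed fed:* via xsi:type
    f"{{{NS['md']}}}SPSSODescriptor",  # AD FS as a Relying Party; irrelevant to an SP
}


def shibbolize(adfs_metadata: str) -> str:
    """Return SAML-only metadata: one md:EntityDescriptor holding the IDPSSODescriptor."""
    root = ET.fromstring(adfs_metadata)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("expected a single md:EntityDescriptor at the root")
    # Iterate over a copy: removing while walking root itself skips siblings.
    for child in list(root):
        if child.tag in STRIP:
            root.remove(child)
    root.attrib.pop("ID", None)  # only existed as the signature's reference target
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor; nothing for an SP to consume")
    cert_path = "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate"
    if idp.find(cert_path, NS) is None:
        raise ValueError("no signing certificate; the SP could not verify assertions")
    return ET.tostring(root, encoding="unicode")


def describe(metadata: str) -> dict:
    """Summarise what an SP would trust: entityID, signing certs, SSO endpoints.
    Handy for diffing the output before and after the yearly certificate rollover."""
    root = ET.fromstring(metadata)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor")
    certs = [c.text.strip() for c in idp.findall(
        "md:KeyDescriptor[@use='signing']/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)]
    sso = [(e.get("Binding"), e.get("Location"))
           for e in idp.findall("md:SingleSignOnService", NS)]
    return {"entityID": root.get("entityID"), "signing_certs": certs, "sso": sso}


if __name__ == "__main__":
    print(shibbolize(SAMPLE_ADFS_METADATA))
```

One caveat worth keeping in mind: the ds:Signature you strip was the only integrity protection the metadata carried. Fetch it from the AD FS host over TLS with certificate validation, and either hand the SP the result as a local file or re-sign it with a key you control and have the SP enforce that signature with a MetadataFilter of type Signature. Otherwise anyone who can tamper with the file in transit can swap in their own signing certificate and mint assertions your SP will accept.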

Also, this is the first time I'm using CodePlex! ^.^

You can download the app package and source code here:
http://a2s.codeplex.com