As I was revving up the SecureAttrs C# API, I stumbled upon .NET APIs to perform XML signing and verification, and that led to a usable Fedlet prototype for .NET environments.
To test drive it:
Download saml2.dll and sample fedlet.aspx.
Deploy them to your IIS server. (I copied SAML2.dll to BIN and fedlet.aspx to c:\Inetpub\wwwroot)
Execute the "Create Fedlet" task on the OpenSSO instance serving as IDP and point it to the IIS server that will execute the Fedlet, e.g. http://www.spp.com/fedlet.aspx. While you are on the console you may set up an attribute mapping to pass some user profile attributes such as cn, mail, employeeNumber etc. from the IDP to the Fedlet as part of SSO.
Export the IDP public key and copy it to C:\fedlet\idp.cer, e.g.:
keytool -export -keystore keystore.jks -alias test -file idp.cer
Test: In a browser, invoke the fedlet: http://www.spp.com/fedlet.aspx. It will prompt you for the IDP (OpenSSO) URL. A URL representing IDP initiated SAML2 SSO is generated and shown as a link. Click on the link to initiate SSO. When prompted for authentication on the IDP end, try the demo user (password: changeit).
Processing rules implemented:
IDP initiated SAML2 POST profile (Unsolicited AuthN Response)
verification of XML signature
verification of IDP entity id
Work to be done:
Audience restriction and other SAML Conditions processing rules
Option to verify signature via IDP public key stored locally
AuthNRequest for SP initiated SSO
Support for multiple IDPs
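An added example, not code from the page's SAML2.dll or fedlet.aspx, of how the implemented rules (XML signature check, IDP entity id check) and the planned local-key option map onto the .NET System.Security.Cryptography.Xml API; FedletResponseCheck is a hypothetical class name. It assumes the IDP signs the Response element itself (OpenSSO can instead, or also, sign the Assertion) and leaves audience and time conditions, still on the to-do list, unhandled.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Xml;

// Hypothetical helper, not part of the page's SAML2.dll: checks an unsolicited
// SAML2 POST Response against a locally stored IDP certificate.
public static class FedletResponseCheck
{
    // samlResponseB64: the SAMLResponse form field posted by the browser.
    // idpCertPath: e.g. C:\fedlet\idp.cer, exported with keytool as above.
    // expectedIssuer: the entity id of the IDP this fedlet trusts.
    public static bool Verify(string samlResponseB64, string idpCertPath, string expectedIssuer)
    {
        var doc = new XmlDocument();
        doc.PreserveWhitespace = true; // canonicalisation must see exactly what the IDP signed
        doc.LoadXml(Encoding.UTF8.GetString(Convert.FromBase64String(samlResponseB64)));
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        ns.AddNamespace("saml", "urn:oasis:names:tc:SAML:2.0:assertion");
        ns.AddNamespace("samlp", "urn:oasis:names:tc:SAML:2.0:protocol");

        // 1. Entity id check: the Issuer must be the IDP we expect.
        var issuer = doc.SelectSingleNode("/samlp:Response/saml:Issuer", ns);
        if (issuer == null || issuer.InnerText.Trim() != expectedIssuer)
            return false;

        // 2. Exactly one enveloped signature directly under the Response.
        var sigNodes = doc.SelectNodes("/samlp:Response/ds:Signature", ns);
        if (sigNodes.Count != 1)
            return false;
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml((XmlElement)sigNodes[0]);

        // 3. The single Reference must point at the Response's own ID; a valid
        //    signature over some other element must not be accepted.
        var responseId = doc.DocumentElement.GetAttribute("ID");
        if (signedXml.SignedInfo.References.Count != 1 ||
            ((Reference)signedXml.SignedInfo.References[0]).Uri != "#" + responseId)
            return false;

        // 4. Verify with the local IDP public key only; any KeyInfo the sender
        //    embedded is ignored, and verifySignatureOnly skips chain building.
        var idpCert = new X509Certificate2(idpCertPath);
        return signedXml.CheckSignature(idpCert, true);
    }
}
```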
Code will be checked into the OpenSSO source repository shortly after it is reviewed, etc.
fedlet.aspx demonstrates a simple C# SAML2 api, modelled after the Java Fedlet API. Feedback most welcome.