Scenario

In this scenario you have WCF service that exposes SOAP endpoint. It needs to authenticate requests based on issued SAML tokens. Identities and their credentaitlas are managed in corporate Active Directory (AD).

WCF Services exposes SOAP endpoint.
Authenticates requests based on issued tokens.
Tokens are of SAML format.
Identities are in corporate Active Directory (AD)

Solution Approach

Windows Azure AppFabrice Access Control Service (ACS) and ADFS are used to solve this scenario.

ACS does not manages Service Identities (SI) and its credentials
Authentication is accomplished via ADFS
WIF is used on the agent (WCF client) end to request the token from ACS and send it to the WCF service.
WIF is used on the WCF service end to validate and parse the token issued by ACS

Analysis

In this solution an agent (WCF client) uses WIF to send request directly to ACS requesting a SAML token based on the credentials which which are managed in corporate Active Directory. The identities are available through AD FS. Credentials type is controlled by AD FS which returns valid SAML token upon successful authentication. For more details on tokens read Token Formats Supported in ACS. ACS issues the SAML token upon successful validation of the SAML token issued by AD FS. The agent sends the token to the WCF service where it is validated and parsed using WIF. For more info read Web Services and ACS. ACS does not manage service identities and their credentials using Service Identities entities.