We are currently designing the security of a system, which has a WPF client (.net 4) and Java Web Services (SOAP 1.2). We would like to use claims based security with SAML Tokens.
Since we have a .net client we are considering using WIF.
There was a CTP release of WIF Extensions for SAML2 Protocol in May 2011, I have not been able to find anything newer than this.
When will the WIF Extensions for SAML2 Protocol be available?
If they are not available in the near future, could we use SAML 1.1 with SOAP 1.2?
You probably don’t need WIF at all for this scenario. WCF supports claims based security bindings. You will just need to configure WCF for that.
You could use WIF to request a Security Token from the STS the Java web service is trusting, but that’s optional.
Of course, being an interop scenario, I would strongly suggest a proof of concept, because all stacks are equal, but some are more equal than others when it comes to standards implementations.
Notice that a common source of confusion is the fact that SAML is both a protocol (as in the messages exchanged between clients, servers and STSs) and a token format. For example, SAML-P (a protocol) uses SAML tokens, but so does WS-Federation (another protocol).
Look at any of the “Active” samples in WIF or in this guide.