* They both do this by allowing sites ([[IT/#RP/]]) to present proof that a site and a user are who they say they are. * support [[IT/#SSO/]] and they both support metadata to exchange SSO information between parties.
* SAMLP is older specification than WS-Federation/.
* WS-Federation/: championed by Microsoft Corporation which has invested heavily into incorporating WS-Federation into its products.
In reality, most people only use the “passive” features that allow single sign-on between web sites.
For solving single sign-on problems, not much.
One may be easier to set up depending on the environment. But, either can meet your SSO needs.
So which should you choose? SAML is an older protocol and enjoys widespread support. Software-as-a-Service (SaaS) vendors are more likely to support it than WS-Federation.
On the other hand, if you are in a mostly Microsoft world, WS-Federation is more ubiquitous.
Microsoft’s Active Directory Federation Services (ADFS) comes with Active Directory supports both WS-Federation and SAML but is easier to configure for WS-Federation.
Microsoft’s Windows Identity Foundation (WIF) toolkits make it easy to enable home-grown ASP.NET applications for WS-Federation. WIF SAML support is currently in a community technology preview (CTP) release.