SAML (Security Markup Language) - can this be implemented via network infrastructure
I think ADFS supports this, so you don't need to write any code. Just do some configuration tweaks.
AD FS implements the WS-Federation standardized protocol and Security Markup Language (SAML). http://msdn.microsoft.com/en-us/library/bb897402.aspx
However, you may need to tweak some code based on how domains and usernames are handled. For example, if the application just uses the username as a key, and the other guy is in a different domain / directory with the same username, then you are in trouble. If they use a domain / username then this will be less problematic, but you may have conflicts based on how authentication and user lookups are handled.
There are some commercial products provided by Ping Identity and RSA (EMC) that can also handle your SAML work.
Please note that I am a developer, not an AD / networking guy (so I could be wrong about working with AD), but I will be working with this in the near future to integrate some of my intranet sites into our various sister companies / divisions that are in different networks / directories.
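The username collision described in the answer above, shown as an added example that is not part of the original posts: two partner identity providers each assert a user named `jsmith`, and the application's account lookup is keyed first by username alone, then by issuer plus username. The issuer entity IDs, `AccountStore`, and the helper names are hypothetical, and the sample assertions are constructed and assumed to have already passed signature verification in a SAML library.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def make_assertion(issuer, name_id):
    """Build a constructed, minimal SAML 2.0 assertion (signature and conditions omitted)."""
    return (
        '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        f"<saml:Issuer>{issuer}</saml:Issuer>"
        f"<saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>"
        "</saml:Assertion>"
    )

def federated_identity(assertion_xml):
    """Return (issuer, name_id) from an assertion that was verified upstream."""
    root = ET.fromstring(assertion_xml)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if not issuer or not name_id:
        raise ValueError("assertion lacks Issuer or NameID")
    return issuer.strip(), name_id.strip()

def key_by_username(identity):
    # Weak: drops the issuer, so identical names from different directories merge.
    return identity[1]

def key_by_issuer_and_name(identity):
    # Safer: the account key is scoped to the asserting identity provider.
    return identity

class AccountStore:
    """Hypothetical local account table with just-in-time provisioning."""
    def __init__(self, key_fn):
        self._key_fn = key_fn
        self._accounts = {}

    def login(self, assertion_xml):
        key = self._key_fn(federated_identity(assertion_xml))
        # First login under a key creates the account; later logins reuse it.
        return self._accounts.setdefault(key, len(self._accounts) + 1)

# Constructed sample input: same username asserted by two different partners.
CORP_A = make_assertion("https://idp.corp-a.example/adfs", "jsmith")
CORP_B = make_assertion("https://idp.corp-b.example/adfs", "jsmith")

if __name__ == "__main__":
    weak, scoped = AccountStore(key_by_username), AccountStore(key_by_issuer_and_name)
    print("username key:", weak.login(CORP_A), weak.login(CORP_B))
    print("issuer+name key:", scoped.login(CORP_A), scoped.login(CORP_B))
```

With the username-only key, the second partner's `jsmith` lands in the first partner's account; with the scoped key each gets a separate account.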
To clarify, ADFS uses a SAML token, but is NOT compliant with the SAML protocol. Since you need to support SAML for your sites, you will need to implement the same SAML protocol that your SSO partners will use — either 2.0, 1.1, or 1.0.
We have a lot of information about SAML in the information library part of our website: http://www.pingidentity.com/information-library/index.cfm
Of course, we also offer a simple and secure solution for these requirements - PingFederate.