We have a third party that redirects their users to our site. Currently they pass the user authentication information in an encrypted string.
Now they want us to support SAML2.0 tokens. Can WIF be used for this?
If you want to consume Saml2 tokens their is built in support in the .NET framework for that, look at the Saml2Assertion and Saml2SecurityTokenHandler classes.
If you want your application to become a full SAML2 Service Provider you have to use an external library. A free implementation that provides basic functionality (which should be enough from the scenario you describe) is Kentor.AuthServces (Nuget package for mvc).