What few changes do we have to make to our working WS-Trust client/server to make it use the older profile of WS-Trust (as used by PingFederate and Outlook/Office365, evidently)?
Let’s state the desired output, as shown by client-side traces:
To make the client, we simply made a few obvious changes of constants:
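The constants that change between the two profiles are the WS-Trust namespace, the WS-Addressing Action, and the RequestType URI, and a half-converted client tends to mix them. The following check is an added example, not code from the original post. It reads one traced RequestSecurityToken envelope and reports which profile it uses and whether any constant was left on the other version. The sample envelope is constructed and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

PROFILES = {  # WS-Trust namespace URI -> profile name
    "http://schemas.xmlsoap.org/ws/2005/02/trust": "WS-Trust Feb 2005",
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512": "WS-Trust 1.3",
}
WSA = ("http://www.w3.org/2005/08/addressing",
       "http://schemas.xmlsoap.org/ws/2004/08/addressing")

# Constructed sample trace (not taken from the post): an Issue request on the older profile.
SAMPLE_FEB2005 = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
  xmlns:a="http://www.w3.org/2005/08/addressing"
  xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
  <s:Header><a:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action></s:Header>
  <s:Body><t:RequestSecurityToken>
    <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  </t:RequestSecurityToken></s:Body>
</s:Envelope>"""

def profile_of(uri):
    """Map an Action or RequestType URI to the profile whose namespace prefixes it."""
    for ns, name in PROFILES.items():
        if uri and uri.strip().startswith(ns + "/"):
            return name
    return None

def check_rst(envelope_xml):
    """Return (profile, problems) for one traced RequestSecurityToken envelope."""
    if "<!DOCTYPE" in envelope_xml:  # SOAP forbids DTDs; refuse before parsing
        raise ValueError("SOAP messages must not carry a DTD")
    root = ET.fromstring(envelope_xml)
    rst = next((e for e in root.iter() if e.tag.endswith("}RequestSecurityToken")), None)
    if rst is None:
        return None, ["no RequestSecurityToken element"]
    ns = rst.tag[1:].split("}")[0]  # namespace part of "{ns}RequestSecurityToken"
    profile = PROFILES.get(ns)
    problems = [] if profile else [f"unknown RST namespace {ns}"]
    action = next((e.text for w in WSA for e in root.iter(f"{{{w}}}Action")), None)
    req_type = rst.findtext(f"{{{ns}}}RequestType")
    for label, uri in (("Action", action), ("RequestType", req_type)):
        if uri is None:
            problems.append(f"{label} missing")
        elif profile_of(uri) != profile:
            problems.append(f"{label} {uri} does not match {profile}")
    return profile, problems

if __name__ == "__main__":
    print(check_rst(SAMPLE_FEB2005))
```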
And the server config file was not much harder:
Based on these trials, it's obviously trivial to alter the config of our pseudo-production STS to offer the right version of WS-Trust for Office 365 purposes:
Note how with the custom Binding we started to play with the idea that the SSL load balancer might continue to terminate the SSL session (leaving the hop between LB and resource server not secured by https). Does this affect binding config in IIS6? Do we still expose the https binding, with cert etc.?