Changing the default Visual Studio WCF STS to be Office365-compatible

What few changes do we have to make to our working WS-Trust client/server to make it use the older profile of WS-Trust (as used by PingFederate and Outlook/Office365, evidently)?

Let’s state the desired output, as shown by client-side traces:




and response

To make the client, we simply made a few obvious changes of constants:


And the server config file was not much harder:


Based on these trials, it's obviously trivial to alter the config of our pseudo-production STS to offer the right version of WS-Trust for Office 365 purposes:



Note how with the custom binding we started to play with the idea that the SSL load balancer might continue to terminate the SSL session (leaving the hop between the LB and the resource server not secured by https). Does this affect the binding config in IIS6? Do we still expose the https binding, with cert etc.?
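
To confirm from a client-side trace that a request or response really uses the older profile, the following added example (not code from the original post) classifies one traced SOAP envelope by the namespace of its RST/RSTR element and checks that the WS-Addressing action agrees with it. It assumes the "older profile" is WS-Trust February 2005 and that the trace uses WS-Addressing 1.0; `trust_profile`, `split_tag` and the sample message are hypothetical names and constructed data.

```python
import xml.etree.ElementTree as ET

# Namespace URIs from the WS-Trust specifications (assumed: "older" = Feb 2005).
TRUST_VERSIONS = {
    "http://schemas.xmlsoap.org/ws/2005/02/trust": "WS-Trust Feb 2005",
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512": "WS-Trust 1.3",
}
WSA_NS = "http://www.w3.org/2005/08/addressing"  # WS-Addressing 1.0 (assumed)
TRUST_ELEMENTS = {"RequestSecurityToken", "RequestSecurityTokenResponse",
                  "RequestSecurityTokenResponseCollection"}

# Constructed sample request, not taken from the post's traces.
SAMPLE_RST = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
 xmlns:a="http://www.w3.org/2005/08/addressing"
 xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <s:Header><a:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action></s:Header>
 <s:Body><t:RequestSecurityToken><t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
 </t:RequestSecurityToken></s:Body></s:Envelope>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def trust_profile(envelope_xml):
    """Hypothetical helper: return (profile, problems) for one traced SOAP message."""
    body_ns = action = None
    for el in ET.fromstring(envelope_xml).iter():
        ns, local = split_tag(el.tag)
        if local in TRUST_ELEMENTS and body_ns is None:
            body_ns = ns  # outermost RST/RSTR element decides the version
        elif local == "Action" and ns == WSA_NS:
            action = (el.text or "").strip()
    if body_ns is None:
        return None, ["no RST/RSTR element found"]
    problems = []
    profile = TRUST_VERSIONS.get(body_ns)
    if profile is None:
        problems.append("unknown trust namespace: " + body_ns)
    if action is None:
        problems.append("no wsa:Action header")
    elif not action.startswith(body_ns + "/"):
        problems.append("wsa:Action does not match body namespace: " + action)
    return profile, problems
```

A message whose body is in one WS-Trust namespace while its action is in another usually means only one side of the client/STS pair was switched to the other version.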

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.