Changing the default Visual Studio WCF STS to be Office365-compatible


What few changes do we have to make to our working WS-Trust client/server to make it use the older profile of WS-Trust (as used by PingFederate and Outlook/Office365, evidently)?

Let’s state the desired output, as shown by client-side traces:

[image: request trace]

[image: response trace]

To make the client, we simply made a few obvious changes of constants:

image

And the server config file was not much harder:

image

Based on these trials, it's obviously trivial to alter the config of our pseudo-production STS to offer the right version of WS-Trust for Office 365 purposes:

image
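To check from a captured client-side trace which WS-Trust profile a message really uses, and whether any constant was left on the other version, a small checker like the following can help. It is an added example, not code from the original post; it relies only on the published namespace URIs of the two profiles, and the sample envelope is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Published namespace URIs of the two WS-Trust profiles.
TRUST_NS = {
    "http://schemas.xmlsoap.org/ws/2005/02/trust": "WS-Trust Feb 2005",
    "http://docs.oasis-open.org/ws-sx/ws-trust/200512": "WS-Trust 1.3",
}

def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag

def trust_profile(envelope_xml):
    """Return (profile name, list of problems) for one SOAP message from a trace.

    Intended for traces from your own client; do not feed it untrusted XML.
    """
    root = ET.fromstring(envelope_xml)
    elems = [(split_tag(e.tag), (e.text or "").strip()) for e in root.iter()]
    rst = [ns for (ns, local), _ in elems
           if local in ("RequestSecurityToken", "RequestSecurityTokenResponse")]
    if not rst or rst[0] not in TRUST_NS:
        return None, ["no WS-Trust RST/RSTR element found"]
    ns, problems = rst[0], []
    # Action, RequestType and KeyType carry version-specific URIs; a URI from
    # the other profile means one constant was missed when switching versions.
    for (_, local), text in elems:
        if local in ("Action", "RequestType", "KeyType"):
            for other in TRUST_NS:
                if other != ns and text.startswith(other):
                    problems.append(f"{local} uses {TRUST_NS[other]} URI: {text}")
    return TRUST_NS[ns], problems

# Constructed sample: a Feb 2005 request whose KeyType still uses the 1.3 URI.
SAMPLE = """<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"
  xmlns:a="http://www.w3.org/2005/08/addressing"
  xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
 <s:Header><a:Action>http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action></s:Header>
 <s:Body><t:RequestSecurityToken>
  <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
  <t:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</t:KeyType>
 </t:RequestSecurityToken></s:Body></s:Envelope>"""

if __name__ == "__main__":
    print(trust_profile(SAMPLE))
```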


PS

Note how with the custom binding we started to play with the idea that the SSL load balancer might continue to terminate the SSL session (leaving the hop between LB and resource server not secured by https). Does this affect binding config in IIS6? Do we still expose the https binding, with cert etc?

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!