Making the RST-R and Assertion from Active STS to Office365


Using the WIF know-how we gained from the passive STS effort, it's now (mostly) trivial to produce the kind of assertion and response message that Office 365 requires (to authenticate Outlook or other thick clients).

image

Assuming one has a raw username token processor class and a token generator from the CodePlex best practices samples, make the following changes to get closer to Office 365 compatibility!

To the username token processor we add the authentication statement (and some claims that arguably ought to be added later, in the GetOutputClaims method!)

image

And then, the usual RSA/SHA1 signing method is required:

image

And to ensure that the authentication statement actually gets minted (and that the claims associated with authentication of the username token get populated in the authorization statement), we pass the authenticated status (from red 1, above) through via the trick shown in blue.

image
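The original screenshots are not preserved, so the following is an added sketch of the first two changes (authentication claims in the username token handler, and RSA/SHA1 signing credentials); it is not the author's code. It assumes the .NET 4.5 System.IdentityModel flavour of WIF, and the names `SampleUserNameTokenHandler`, `SampleSigning` and the `checkCredentials` delegate are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IdentityModel.Tokens;
using System.Security.Claims;
using System.Security.Cryptography.X509Certificates;
using System.Xml;

// Hypothetical handler: validates a WS-Security UsernameToken and records
// how and when the user authenticated.
public class SampleUserNameTokenHandler : UserNameSecurityTokenHandler
{
    private readonly Func<string, string, bool> checkCredentials; // assumed user-store check

    public SampleUserNameTokenHandler(Func<string, string, bool> checkCredentials)
    {
        if (checkCredentials == null) throw new ArgumentNullException("checkCredentials");
        this.checkCredentials = checkCredentials;
    }

    public override bool CanValidateToken { get { return true; } }

    public override ReadOnlyCollection<ClaimsIdentity> ValidateToken(SecurityToken token)
    {
        var userToken = token as UserNameSecurityToken;
        if (userToken == null)
            throw new ArgumentException("Expected a UserNameSecurityToken.", "token");
        if (!checkCredentials(userToken.UserName, userToken.Password))
            throw new SecurityTokenValidationException("Invalid user name or password.");

        var identity = new ClaimsIdentity(AuthenticationTypes.Password);
        identity.AddClaim(new Claim(ClaimTypes.Name, userToken.UserName));
        // The SAML 1.1 handler builds the AuthenticationStatement from these two
        // claims, so they must still be on the subject the STS hands to it.
        identity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, AuthenticationMethods.Password));
        identity.AddClaim(new Claim(ClaimTypes.AuthenticationInstant,
            XmlConvert.ToString(DateTime.UtcNow, "yyyy-MM-ddTHH:mm:ss.fffZ"),
            ClaimValueTypes.DateTime));
        return new List<ClaimsIdentity> { identity }.AsReadOnly();
    }
}

public static class SampleSigning
{
    // RSA/SHA1 signature with SHA1 digest, as the post says Office 365 requires.
    public static X509SigningCredentials RsaSha1(X509Certificate2 signingCert)
    {
        return new X509SigningCredentials(signingCert,
            SecurityAlgorithms.RsaSha1Signature, SecurityAlgorithms.Sha1Digest);
    }
}
```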

End.


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!