async wstrust feb 2005 (IWSTrustFeb2005AsyncContract), ADFS, and Office 365 test compatibility


I’ve been struggling to make Office 365 test/diagnostic tools recognize the mex WSDL output by my STS (active variant). When looking at ADFS, I noted its mex endpoint, and pulled that WSDL document using a GET instruction.

image

The document contains various declarations including the following binding:

image

https://localhost/adfs/services/trust/mex

The point is, ADFS does NOT offer the sync interface. A conformance tester looking for ADFS would be perfectly entitled to pull the mex WSDL and search for the appropriate binding (which would be missing from the typical custom STS built using WIF). So our mission was to implement the async interface.

First, declare the appropriate interface for the service host (in contrast to the sync interface that we left in place for the v1.3 generation of wstrust):

image

Next, the GetScope methods are implemented (wrapping the traditional sync implementation in a Func delegate)

image

and then GetOutputClaimsIdentity (which similarly wraps the traditional sync implementation).

image
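
An added example, not the author's code, of the wrapping pattern described above: a synchronous method exposed as a Begin/End pair through a Func delegate. `StsSketch`, `Request` and `Scope` are stand-in types rather than the WIF classes, and delegate `BeginInvoke` requires .NET Framework.

```csharp
using System;
using System.Runtime.Remoting.Messaging; // AsyncResult (.NET Framework only)

// Stand-in types for this sketch; they are not the WIF classes.
class Request { public string AppliesTo; }
class Scope { public string AppliesTo; public bool EncryptToken; }

class StsSketch
{
    // The existing synchronous implementation stays as it is.
    public Scope GetScope(string caller, Request request)
    {
        if (request == null || string.IsNullOrEmpty(request.AppliesTo))
            throw new ArgumentException("request has no AppliesTo");
        return new Scope { AppliesTo = request.AppliesTo, EncryptToken = false };
    }

    // Begin half: wrap the sync method in a Func delegate and start it.
    public IAsyncResult BeginGetScope(string caller, Request request,
                                      AsyncCallback callback, object state)
    {
        Func<string, Request, Scope> call = GetScope;
        return call.BeginInvoke(caller, request, callback, state);
    }

    // End half: recover the delegate from the IAsyncResult and collect the
    // result. An exception thrown by GetScope is rethrown here.
    public Scope EndGetScope(IAsyncResult result)
    {
        var call = (Func<string, Request, Scope>)((AsyncResult)result).AsyncDelegate;
        return call.EndInvoke(result);
    }
}

static class Program
{
    static void Main()
    {
        var sts = new StsSketch();
        var request = new Request { AppliesTo = "urn:example:relying-party" }; // constructed value
        IAsyncResult pending = sts.BeginGetScope("alice", request, null, null);
        Scope scope = sts.EndGetScope(pending); // blocks until the call completes
        Console.WriteLine(scope.AppliesTo);
    }
}
```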

The guts of “my knowhow” came from 2 sources. First, 20 years ago, I saw the same kind of coding used in a communication stack (used at NSA, for its high-throughput directory); and have not seen the like since. Until today. Second, the article from http://travisspencer.com/blog/2009/06/geneva-server-beta-2-included.html showed the .NET equivalent practice.

This gives something that LOOKS a bit more like the output of ADFS, now!

image

image

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in office365.