talking to the active STS in office online


When looking at the output of the MOSDAL support toolkit, and the report on Office 365 SSO in particular, we noted that our own STS’s response was minted intending http://…/extSTS.srf as the audience. Evidently, from the user's record in Office 365 the kit figures out the address of our STS and talks to it, intending that the resulting token be consumed by the extSTS (and be exchanged for an access token) fit for SharePoint Online web services etc. So can we do the same, and do our own WS-Trust handshake with Office Online initiated by our own thick client application, and indeed then get what we need to consume SharePoint and Exchange services directly?

To see, let's play with http://www.wictorwilen.se/Post/How-to-do-active-authentication-to-Office-365-and-SharePoint-Online.aspx.

We first see the helper class set up an event handler to be called on each web service call – to get access tokens (if not cached).

image

And next we see the WS-Trust client call that goes and gets an access token, intended for consumption by SharePoint Online:

image

If we compare this client with a factory-based client, it's instructive to note the differences:

image

For context, see http://allthatjs.com/2012/03/28/remote-authentication-in-sharepoint-online/.

Our first trial fails, but this is worth pursuing:

image

Some more context (and code) at https://github.com/jwillmer/SharePointAuthentication
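The audience observation at the top of this post can be checked mechanically. The following is an added example, not code from the original post or the linked projects: it reads a WS-Trust response and reports whether the token's audience and AppliesTo match the endpoint expected to consume it, and whether the token is inside its validity window. The WS-Trust Feb 2005 / SAML 1.1 token shape, the `example.test` host and the timestamps are assumptions, and signature validation is out of scope here.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed token shape: WS-Trust (Feb 2005) RSTR wrapping a SAML 1.1 assertion.
NS = {
    "t": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "wsp": "http://schemas.xmlsoap.org/ws/2004/09/policy",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "saml": "urn:oasis:names:tc:SAML:1.0:assertion",
}
# Constructed placeholder: the real extSTS.srf host is elided in the post.
EXPECTED_AUDIENCE = "http://login.example.test/extSTS.srf"
# Constructed sample response (unsigned, placeholder host and times).
SAMPLE_RSTR = f"""<t:RequestSecurityTokenResponse
    xmlns:t="{NS['t']}" xmlns:wsp="{NS['wsp']}"
    xmlns:wsa="{NS['wsa']}" xmlns:saml="{NS['saml']}">
  <wsp:AppliesTo><wsa:EndpointReference>
    <wsa:Address>{EXPECTED_AUDIENCE}</wsa:Address>
  </wsa:EndpointReference></wsp:AppliesTo>
  <t:RequestedSecurityToken><saml:Assertion MajorVersion="1" MinorVersion="1">
    <saml:Conditions NotBefore="2012-06-01T10:00:00.000Z" NotOnOrAfter="2012-06-01T11:00:00.000Z">
      <saml:AudienceRestrictionCondition>
        <saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience>
    </saml:AudienceRestrictionCondition></saml:Conditions>
  </saml:Assertion></t:RequestedSecurityToken>
</t:RequestSecurityTokenResponse>"""

def _utc(stamp):
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))

def inspect_rstr(xml_text):
    """Extract who the token was requested for and who may consume it."""
    root = ET.fromstring(xml_text)
    cond = root.find(".//saml:Conditions", NS)
    return {
        "applies_to": root.findtext(
            ".//wsp:AppliesTo/wsa:EndpointReference/wsa:Address", namespaces=NS),
        "audiences": [a.text for a in cond.iter("{%s}Audience" % NS["saml"])],
        "not_before": _utc(cond.get("NotBefore")),
        "not_on_or_after": _utc(cond.get("NotOnOrAfter")),
    }

def audience_problems(xml_text, expected, now):
    """Return the reasons a relying party at `expected` should reject the token."""
    info, problems = inspect_rstr(xml_text), []
    if expected not in info["audiences"]:
        problems.append("audience mismatch")
    if info["applies_to"] != expected:
        problems.append("AppliesTo mismatch")
    if not info["not_before"] <= now < info["not_on_or_after"]:
        problems.append("outside validity window")
    return problems
```

Pass `now` as a timezone-aware UTC `datetime`; an empty list means the three checks passed, not that the token is trustworthy, since the signature is not verified.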

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!