using asymmetric proof tokens with ACS and WCF/WIF


To the factory method that sets up the API port and its metadata – metadata that cooperates with that of a suitable STS (ACS in our case) – we add another endpoint, called “Rsa”:

[screenshot]
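The post shows the factory only as a screenshot, so the following is an added example of what such a service host factory looks like in code; it is not the post's own code. Assumed names: IApiService as the API contract, the ACS namespace URL and the relying-party address are placeholders, and the WIF identityModel configuration (audience URIs, issuer name registry, service certificate) is assumed to live in web.config. The point is the second endpoint: same federation binding, but IssuedKeyType set to AsymmetricKey, so the holder-of-key proof on API calls is an RSA signature rather than a symmetric MAC.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Activation;
using System.ServiceModel.Description;
using System.ServiceModel.Security;

// Added example (not the post's code). IApiService is an assumed contract name;
// the ACS URLs below are placeholders for a real namespace.
public class ApiServiceHostFactory : ServiceHostFactory
{
    // Placeholders: WS-Trust 1.3 certificate endpoint and metadata endpoint of the ACS namespace.
    const string AcsIssuer = "https://<your-namespace>.accesscontrol.windows.net/v2/wstrust/13/certificate";
    const string AcsMex = "https://<your-namespace>.accesscontrol.windows.net/v2/wstrust/mex";
    const string Saml2TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
    {
        var host = new ServiceHost(serviceType, baseAddresses);

        // WIF 4.5: let the host pick up the <system.identityModel> configuration (audience, issuer registry).
        host.Credentials.UseIdentityConfiguration = true;

        // Original endpoint: issued SAML token whose proof key is a symmetric key generated by the STS.
        host.AddServiceEndpoint(typeof(IApiService),
            BuildFederationBinding(SecurityKeyType.SymmetricKey), "Symmetric");

        // Added endpoint "Rsa": the client supplies its RSA public key as the proof key (WS-Trust
        // PublicKey key type). The STS never sees the private half, and each API call is signed with it.
        host.AddServiceEndpoint(typeof(IApiService),
            BuildFederationBinding(SecurityKeyType.AsymmetricKey), "Rsa");

        // Publish metadata so a generated client sees both bindings and the issuer's policy.
        var metadata = host.Description.Behaviors.Find<ServiceMetadataBehavior>();
        if (metadata == null)
        {
            metadata = new ServiceMetadataBehavior();
            host.Description.Behaviors.Add(metadata);
        }
        metadata.HttpsGetEnabled = true;
        host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName,
            MetadataExchangeBindings.CreateMexHttpsBinding(), "mex");

        return host;
    }

    // Both endpoints differ only in the requested key type; everything else points at the same STS.
    static WS2007FederationHttpBinding BuildFederationBinding(SecurityKeyType keyType)
    {
        var binding = new WS2007FederationHttpBinding(WSFederationHttpSecurityMode.Message);
        var message = binding.Security.Message;
        message.IssuedKeyType = keyType;
        message.IssuedTokenType = Saml2TokenType;
        message.IssuerAddress = new EndpointAddress(AcsIssuer);
        message.IssuerMetadataAddress = new EndpointAddress(AcsMex);
        message.EstablishSecurityContext = false; // one issued token per call, no secure conversation
        return binding;
    }
}
```

Registering the factory in the .svc file (Factory="ApiServiceHostFactory") is all the hosting side needs; the generated client then shows one binding per endpoint, which is what the next screenshot illustrates.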

Back on the auto-generated client, we now see two client-side bindings – one of which appears capable of talking to ACS and requesting an asymmetric token (i.e. a token with an RSA-wrapped DES key that now encrypts an RSA public key).

[screenshot]

So, looking at the wire, can we talk to ACS and at least formulate an RST suitable for asymmetric token issuing? We expect to see a more complex SOAP message bearing the RST – one with a signature in the SOAP header (which we do):

[screenshot]

With the corresponding response:

[screenshot]

When we look at the proofs actually exchanged between client and server after the STS interaction, we see an asymmetric signature supporting the assertion’s proof of possession.

[screenshot]

Now we need to learn how to do this WITHOUT using the auto-generated client-side proxy.
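One way to drive the same exchange without the generated proxy is WIF's WSTrustChannelFactory, which builds and signs the RST seen in the trace above. This is an added example, not the post's code: the ACS namespace URL and the relying-party realm are placeholders, and it assumes a client certificate already registered as an identity in that ACS namespace. The RST requests the PublicKey key type and carries the client's RSA public key in UseKey; the private half stays local and is what later signs the API calls.

```csharp
using System;
using System.IdentityModel.Protocols.WSTrust;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example (not the post's code). URLs and realm are placeholders; clientCert is assumed
// to be registered with the ACS namespace as a certificate identity.
public static class AsymmetricTokenClient
{
    const string AcsCertificateEndpoint =
        "https://<your-namespace>.accesscontrol.windows.net/v2/wstrust/13/certificate"; // placeholder
    const string RelyingPartyRealm = "https://api.example.invalid/"; // placeholder: the API's realm in ACS
    const string Saml2TokenType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

    public static SecurityToken RequestAsymmetricToken(X509Certificate2 clientCert, RSA proofKey)
    {
        // The certificate endpoint wants the RST signed with the client certificate over HTTPS;
        // that signature is the one visible in the SOAP header of the captured request.
        var binding = new WS2007HttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        binding.Security.Message.EstablishSecurityContext = false;

        var factory = new WSTrustChannelFactory(binding, new EndpointAddress(AcsCertificateEndpoint));
        factory.TrustVersion = TrustVersion.WSTrust13;
        factory.Credentials.ClientCertificate.Certificate = clientCert;
        factory.Credentials.SupportInteractive = false; // never prompt for a card or credential UI

        // KeyType PublicKey plus UseKey asks the STS to bind the token to this RSA public key
        // instead of generating a symmetric proof key. Only the public parameters are serialized.
        var rst = new RequestSecurityToken(RequestTypes.Issue)
        {
            AppliesTo = new EndpointReference(RelyingPartyRealm),
            TokenType = Saml2TokenType,
            KeyType = KeyTypes.Asymmetric,
            UseKey = new UseKey(new RsaSecurityToken(proofKey)),
        };

        IWSTrustChannelContract channel = factory.CreateChannel();
        RequestSecurityTokenResponse rstr;
        SecurityToken issued = channel.Issue(rst, out rstr);

        // Sanity check: for the PublicKey key type WS-Trust returns no RequestedProofToken, because
        // proof of possession is the requestor's own private key. A proof token here means the STS
        // did not honour the requested key type, and the token would not fit the "Rsa" endpoint.
        if (rstr.RequestedProofToken != null)
            throw new InvalidOperationException("STS returned a proof token; asymmetric key type was not honoured.");

        return issued;
    }

    // Usage: generate (or load) the RSA key pair the client will prove possession of.
    //   using (var rsa = new RSACryptoServiceProvider(2048))
    //       SecurityToken token = RequestAsymmetricToken(clientCert, rsa);
}
```

The returned token is a GenericXmlSecurityToken carrying the encrypted SAML assertion; pairing it with the same RSA instance on a federation channel to the "Rsa" endpoint reproduces the asymmetric proof signature seen in the last screenshot.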


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in SSO.