Using the “simplified connection” feature of the quickstart sample from the SDK:
we get a first decent demo of proof tokens being applied:
Note that the key type (symmetric) is requested implicitly, having already been set via the metadata configuration setup earlier. Note also that no client-side entropy is provided.
This delivers a cleartext (over SSL) proof key to the client (aligned with the encrypted, wrapped version of the same key for use by the CRM service instance), which is duly exploited:
where the signature is symmetric:
With this, we can clearly say (to Ping, should they claim otherwise) that we have in a couple of hours got ADFS to help do webservices calls between a WCF Client (wrapper lib) and CRM – using SAML issued over ws-trust (v13), with proof tokens, AES256 encryption of the assertion, etc.
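The proof-key handling described above (symmetric key type, no client entropy, key returned in the clear over SSL, symmetric signature), as an added Python illustration that is not code from the SDK sample or from this post. The RSTR fragment and key are constructed, HMAC-SHA1 is an assumed signature algorithm, and the `ComputedKey` branch generalizes to the combined-entropy case that this exchange does not use.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

WST = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"  # WS-Trust 1.3
NS = {"t": WST}
PSHA1 = WST + "/CK/PSHA1"

SAMPLE_KEY = bytes(range(32))  # constructed 256-bit value, not a real key
# Constructed RSTR fragment: the STS alone chose the key and returns it in
# the clear (protected only by TLS), the case described in the post.
SAMPLE_RSTR = (
    f'<t:RequestSecurityTokenResponse xmlns:t="{WST}">'
    "<t:KeySize>256</t:KeySize><t:RequestedProofToken><t:BinarySecret>"
    f"{base64.b64encode(SAMPLE_KEY).decode()}"
    "</t:BinarySecret></t:RequestedProofToken>"
    "</t:RequestSecurityTokenResponse>"
)

def p_sha1(secret, seed, length):
    """P_SHA-1 from TLS; WS-Trust uses key = P_SHA1(Ent_REQ, Ent_RES)."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]

def proof_key(rstr_xml, client_entropy=None):
    """Recover the symmetric proof key the client will sign with."""
    root = ET.fromstring(rstr_xml)
    rpt = root.find(".//t:RequestedProofToken", NS)
    if rpt is None:
        raise ValueError("no RequestedProofToken in response")
    secret = rpt.find("t:BinarySecret", NS)
    if secret is not None:  # no client entropy: key is entirely server-chosen
        return base64.b64decode(secret.text)
    computed = rpt.find("t:ComputedKey", NS)
    if computed is not None and computed.text.strip() == PSHA1:
        if client_entropy is None:
            raise ValueError("ComputedKey needs the entropy sent in the RST")
        server = root.find(".//t:Entropy/t:BinarySecret", NS)
        bits = int(root.find(".//t:KeySize", NS).text)
        return p_sha1(client_entropy, base64.b64decode(server.text), bits // 8)
    raise ValueError("unsupported proof token form")

def verify(key, signed_info, signature_b64):
    """Check an HMAC-SHA1 SignatureValue over canonicalized SignedInfo."""
    mac = hmac.new(key, signed_info, hashlib.sha1).digest()
    return hmac.compare_digest(mac, base64.b64decode(signature_b64))
```

With a `BinarySecret` proof token the key's strength rests entirely on the STS's random source and on the transport protecting the response; the service obtains the same key by unwrapping the copy inside the encrypted assertion.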
The above seems to be a delivery of what others were talking about, as discussed back here. Of course, we were able to deliver the same in our string.svc (avoiding the much more complex WCF-centric, secure-conversation-centric wsfederation binding).
When we have a look at the policy controlling all this, we see:
So does advanced CRM server config allow changing any of this!?