Exchange ws-security (x509 signing style)

Finally, we see the  flags in use, for wssecuritycredential-based credentials offered by ExchangeManaged API.


Looking at the trace, we see a message level signature (over the headers). That is we have proof service based on assertion of the “cert” tokentype (rather than the SAML token type).


So how – for Exchange online – does the cert thing work? What are the extensions? Are they supposed to be the claims that would have come via SAML tokens? Or, is there a fixed cert bound to the (exchange) user account, somehow?


About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in SSO. Bookmark the permalink.