Exchange ws-security (x509 signing style)


Finally, we see the  flags in use, for wssecuritycredential-based credentials offered by ExchangeManaged API.

image

Looking at the trace, we see a message level signature (over the headers). That is we have proof service based on assertion of the “cert” tokentype (rather than the SAML token type).

image

So how – for Exchange online – does the cert thing work? What are the extensions? Are they supposed to be the claims that would have come via SAML tokens? Or, is there a fixed cert bound to the (exchange) user account, somehow?

Advertisements

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in SSO. Bookmark the permalink.