Exchange ws-security (x509 signing style)

Finally, we see the flags in use, for wssecuritycredential-based credentials offered by the Exchange Managed API.


Looking at the trace, we see a message-level signature (over the headers). That is, we have proof service based on assertion of the “cert” token type (rather than the SAML token type).
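To check the same two things in any captured envelope (which token type backs the signature, and whether the signature references only header parts), here is an added example that is not code from the Exchange Managed API or from the original post. The sample envelope is constructed, and the function name `describe_signature` is hypothetical; the namespace URIs are the standard SOAP 1.1, WS-Security and XML-DSig ones.

```python
import xml.etree.ElementTree as ET

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
NS = {
    "s": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
SAML = ("urn:oasis:names:tc:SAML:1.0:assertion", "urn:oasis:names:tc:SAML:2.0:assertion")

# Constructed sample (not the trace from the post); token value and URL are placeholders.
SAMPLE = f"""<s:Envelope xmlns:s="{NS['s']}" xmlns:wsse="{NS['wsse']}"
    xmlns:wsu="{WSU}" xmlns:ds="{NS['ds']}" xmlns:a="http://www.w3.org/2005/08/addressing">
  <s:Header>
    <a:To wsu:Id="_1">https://ews.example.invalid/EWS/Exchange.asmx</a:To>
    <wsse:Security>
      <wsu:Timestamp wsu:Id="_0"/>
      <wsse:BinarySecurityToken wsu:Id="tok" ValueType="{X509V3}">PLACEHOLDER</wsse:BinarySecurityToken>
      <ds:Signature><ds:SignedInfo>
        <ds:Reference URI="#_0"/><ds:Reference URI="#_1"/>
      </ds:SignedInfo></ds:Signature>
    </wsse:Security>
  </s:Header>
  <s:Body wsu:Id="body"/>
</s:Envelope>"""

def describe_signature(envelope_xml):
    """Report the signing token type and which envelope parts the signature references."""
    root = ET.fromstring(envelope_xml)  # use defusedxml for captures you do not trust
    sec = root.find("s:Header/wsse:Security", NS)
    if sec is None:
        raise ValueError("no wsse:Security header")
    bst = sec.find("wsse:BinarySecurityToken", NS)
    if bst is not None and bst.get("ValueType") == X509V3:
        token = "x509"
    elif any(sec.find("{%s}Assertion" % ns) is not None for ns in SAML):
        token = "saml"
    else:
        token = "unknown"
    where = {}  # wsu:Id -> (header|body, element local name)
    for part in ("Header", "Body"):
        node = root.find("s:" + part, NS)
        for el in (node.iter() if node is not None else ()):
            if "{%s}Id" % WSU in el.attrib:
                where[el.attrib["{%s}Id" % WSU]] = (part.lower(), el.tag.split("}")[-1])
    refs = sec.findall("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed = [where.get(r.get("URI", "").lstrip("#"), ("unresolved", r.get("URI"))) for r in refs]
    return {"token": token, "signed": signed, "body_signed": any(p == "body" for p, _ in signed)}

if __name__ == "__main__":
    print(describe_signature(SAMPLE))
```

This only reports what the signature claims to cover; it does not validate digests or the signature value. A result with `body_signed` false means the body is not integrity-protected by the message signature and relies on the transport instead.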


So how – for Exchange Online – does the cert thing work? What are the extensions? Are they supposed to be the claims that would have come via SAML tokens? Or, is there a fixed cert bound to the (Exchange) user account, somehow?


