subtle interworking issues…imposed by ACS


comparing ACS working and ACS not working messages

we can make it work when we get the SOAP and addressing version right (for wstrust13):


So, when talking to ACS note the messaging version requirements:


Now that we FINALLY understand how to augment the clientcredentials structure so it can offer “RSASecurityTokens” and insert a tokenmanager that works with a “securitytokenprovider” to deliver the RSA signing key at the right time to the messaging pipeline of WCF, its all looks relatively simple.

But of course, it was a nightmare getting here.

About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in SSO. Bookmark the permalink.