swapping SAML for SWT (using ACS)


We minted a SAML assertion using our local STS. And then we sent it, per the instructions of others, to ACS. Before that we had imported the metadata of our STS into ACS and assigned this new issuer to a given RP.

image

Note that the audience field of the assertion must TARGET the ACS namespace (not the scope of the RP). Below, we see the result of asking the wrap endpoint to translate the above “set of claims” (verified as an endorsing token almost, to produce some claims).

image

One must give a scope to the request, to which the issuer has been bound (and rules assigned).

Since this RP has the JWT token type assigned, I was half expecting a JWT back (note). Perhaps, next, I should try this variant of the code:

image

image

Posting to the oauth endpoint does indeed return a JWT:

image

image

Going to guess it's important that the RP has a rule set with a rule for ACS, and pass through set for all attributes.
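The audience requirement above can be checked before anything is sent. The following is an added example, not code from the original post: it reads the audience out of a locally minted assertion and only builds the WRAP form body when that audience is the ACS namespace. The namespace, RP scope and sample assertion are constructed placeholders, and the `wrap_*` field names are the ACS WRAP v0.9 request parameters, which the post's text does not spell out.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Audience lives in a different XML namespace in SAML 1.1 and SAML 2.0.
SAML_NS = ("urn:oasis:names:tc:SAML:2.0:assertion",
           "urn:oasis:names:tc:SAML:1.0:assertion")

# Constructed placeholder values, not taken from the post.
ACS_NAMESPACE = "https://contoso.accesscontrol.windows.net/"
RP_SCOPE = "https://rp.example.com/app"
SAMPLE_ASSERTION = (
    '<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1" Version="2.0">'
    "<Issuer>https://sts.example.com/</Issuer>"
    "<Conditions><AudienceRestriction><Audience>{aud}</Audience>"
    "</AudienceRestriction></Conditions></Assertion>"
)

def audiences(assertion_xml):
    """Return every Audience value in an assertion we minted ourselves.
    No signature check is done here; that is left to ACS."""
    root = ET.fromstring(assertion_xml)
    return [(el.text or "").strip()
            for ns in SAML_NS
            for el in root.iter("{%s}Audience" % ns)]

def build_wrap_body(assertion_xml, acs_namespace, rp_scope):
    """Build the form body for the WRAP token request, refusing to do so
    when the assertion is not addressed to the ACS namespace."""
    found = audiences(assertion_xml)
    if acs_namespace not in found:
        hint = " (audience is the RP scope)" if rp_scope in found else ""
        raise ValueError("audience %r does not target %s%s"
                         % (found, acs_namespace, hint))
    return urlencode({
        "wrap_scope": rp_scope,            # the RP the issuer is bound to
        "wrap_assertion_format": "SAML",
        "wrap_assertion": assertion_xml,
    })

if __name__ == "__main__":
    good = SAMPLE_ASSERTION.format(aud=ACS_NAMESPACE)
    print(build_wrap_body(good, ACS_NAMESPACE, RP_SCOPE)[:80], "...")
    try:
        build_wrap_body(SAMPLE_ASSERTION.format(aud=RP_SCOPE), ACS_NAMESPACE, RP_SCOPE)
    except ValueError as err:
        print("rejected:", err)
```

The audience comparison is an exact string match, which is this example's choice; the post does not say how ACS compares the values.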


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!