Azure AD gatewaying a Windows 8 app’s OAuth to US realty IDPs, via (WS-Fed passive) WebSSO


We built out our first Windows 8.1 app, based on the sample code from “nick”. The app loads, and its OnNavigating event handler triggers a login routine. Bound to a (server-side JavaScript) backend API for mobile data, the app performs an OAuth2 handshake against the OAuth endpoints of our (Office 365-related) Azure AD tenant.

Since our Office 365 AAD tenant is also the directory bound to our Azure subscription, we were able to use the Active Directory “applications” configuration features to set up things such as OAuth client secrets.

We see the discovery phase:

[screenshot: Screenshot (113)]

Recall that this app is intended to work alongside others on the device (as shown by the display of the charms bar, etc.).

Device screen photos – rather than screenshots – now follow:

[device photo: WP_20140306_003]

Above, we see the IDP discovery page from Azure AD, Microsoft Online, and friends.

[device photo: WP_20140306_002]

Above, we see our WebSSO IDP’s (first) user challenge screen.

[device photo: WP_20140306_004]

Finally, we see that the IDP’s HTML is good enough to adjust its layout dynamically as one rotates the device into portrait mode.

That’s usable, Microsoft. I forgive you for CardSpace, now!

Anyway, once one sets up a few rights on the IDP, it releases the SAML assertion back to Microsoft Online. The resulting screen is

[image]

which finally gets us to an authenticated session in the app:

[image]

A quick look at the wire shows the OAuth + WebSSO interaction that, via Microsoft Online’s proxying of IDPs, talks to the tenant (BARS/8) of our realty IDP associated with a particular “authenticated domain”. This had to be configured, thus:

[image]

[image]

[image]

The wire shows the final token:

[image]

where the JWT, whose middle element (the payload) I decode from base64 using Fiddler, is

[image]

One can even base64-decode the inner “credentials” field of the JWT – whatever they are! With any luck, they allow multi-app logon/logoff, much as Live IDs do.

[image]


About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!
This entry was posted in Azure AD.