Realty WS-Trust IDP interworking with AAD token issuer, in SAML bearer grant



Using a Fiddler proxy, we were able to craft delivery of custom metadata from our IDP whose endpoint addresses now meet the expectations of the Microsoft ADAL libraries' SAML-bearer grant flow.


The only code change we made to this service was to add a NameID format property to the subject field (with the value unspecified). But I'm really not convinced that this has anything to do with the sudden interoperability. Making our active and passive STS have configurable values for that property doesn't seem particularly useful, though it is vaguely more correct.
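As an added illustration (not the author's code), here is the one change the post describes, expressed as a check: assuming the token is a SAML 1.1 or SAML 2.0 assertion, it reports whether the subject's name identifier carries a Format attribute and, on an unsigned assertion, sets it to the unspecified URN when absent. The helper names and the sample assertion are hypothetical.

```python
import xml.etree.ElementTree as ET

# Assumed: standard SAML assertion namespaces (SAML 1.1 reuses the 1.0 URI).
SAML11_NS = "urn:oasis:names:tc:SAML:1.0:assertion"
SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NAMEID_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
ET.register_namespace("saml", SAML11_NS)
ET.register_namespace("saml2", SAML2_NS)

# Subject/NameIdentifier (SAML 1.1) or Subject/NameID (SAML 2.0).
_NAMEID_PATHS = (
    f".//{{{SAML11_NS}}}Subject/{{{SAML11_NS}}}NameIdentifier",
    f".//{{{SAML2_NS}}}Subject/{{{SAML2_NS}}}NameID",
)


def _find_nameid(root):
    for path in _NAMEID_PATHS:
        node = root.find(path)
        if node is not None:
            return node
    raise ValueError("assertion has no Subject name identifier")


def nameid_format(assertion_xml):
    """Return the Format attribute of the subject's name identifier, or None if absent."""
    return _find_nameid(ET.fromstring(assertion_xml)).get("Format")


def ensure_nameid_format(assertion_xml, fmt=NAMEID_UNSPECIFIED):
    """Add Format=fmt to the name identifier if missing; return (xml, changed).
    This belongs in the STS before signing: rewriting an already signed
    assertion invalidates its signature and the token will be rejected."""
    root = ET.fromstring(assertion_xml)
    node = _find_nameid(root)
    if node.get("Format"):
        return assertion_xml, False
    node.set("Format", fmt)
    return ET.tostring(root, encoding="unicode"), True


# Constructed, unsigned SAML 1.1 assertion whose NameIdentifier carries no Format.
SAMPLE_ASSERTION = (
    f'<saml:Assertion xmlns:saml="{SAML11_NS}" MajorVersion="1" MinorVersion="1" '
    'AssertionID="_example" Issuer="https://sts.example.test/">'
    "<saml:AuthenticationStatement><saml:Subject>"
    "<saml:NameIdentifier>alice@example.test</saml:NameIdentifier>"
    "</saml:Subject></saml:AuthenticationStatement></saml:Assertion>"
)
```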


About home_pw

Computer Programmer who often does network administration with focus on security servers. Sometimes plays at slot machine programming.
This entry was posted in AAD.