We simply created a current Visual Studio 2013 (updated) MVC app with "individual authentication". That gives us an OWIN-pipeline-based application. To it we then added OpenID Connect middleware in order to talk to our IDP:
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
    {
        ClientId = "b16d9e8c-3a9e-4eac-a4ca-6400da4f5367",
        RedirectUri = "https://localhost:44305/",
        MetadataAddress = "https://login.windows.net/rapmlsqa.com/.well-known/openid-configuration"
    });
    app.Use(async (context, next) =>
    { /* middleware body not shown in the post */ await next(); });
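The following Startup.Auth.cs is an added example, not code from the original post: it shows how the three option values above and the inline app.Use(...) fragment fit into the MVC 5 "individual accounts" template so that the OpenID Connect middleware behaves as one more external login provider. The ClientId, RedirectUri and MetadataAddress are the post's values; the Katana 3.x package set (Microsoft.Owin.Security.OpenIdConnect with System.IdentityModel.Tokens), the tracing middleware, the issuer placeholder and the failure handler are assumptions.

```csharp
// Added example (not the post's own code): Startup.Auth.cs for an MVC 5 project created with
// "Individual User Accounts", plus the OpenID Connect OWIN middleware as an external provider.
// Assumes Katana 3.x (Microsoft.Owin.Security.OpenIdConnect, System.IdentityModel.Tokens.Jwt 4.x).
using System.IdentityModel.Tokens;
using System.Threading.Tasks;
using Microsoft.AspNet.Identity;
using Microsoft.Owin;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

namespace MvcOidcSample
{
    public partial class Startup
    {
        public void ConfigureAuth(IAppBuilder app)
        {
            // 1. The template's application cookie: the session the user ends up with once
            //    the external identity has been linked to a local account.
            app.UseCookieAuthentication(new CookieAuthenticationOptions
            {
                AuthenticationType = DefaultAuthenticationTypes.ApplicationCookie,
                LoginPath = new PathString("/Account/Login")
            });

            // 2. The short-lived external cookie that carries the IDP's claims to
            //    AccountController.ExternalLoginCallback, where account linking happens.
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
            app.SetDefaultSignInAsAuthenticationType(DefaultAuthenticationTypes.ExternalCookie);

            // 3. Inline OWIN middleware with the same shape as the post's app.Use(...) fragment.
            //    Here it only traces each request so the redirect round-trip is visible in the log.
            app.Use(async (context, next) =>
            {
                System.Diagnostics.Trace.TraceInformation(
                    "OWIN {0} {1}", context.Request.Method, context.Request.Path);
                await next();
            });

            // 4. The OpenID Connect middleware, signing in to the external cookie so it appears
            //    in the template's external-login list exactly like Google would.
            app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
            {
                AuthenticationType = "OpenIdConnect",
                Caption = "Organizational account",
                ClientId = "b16d9e8c-3a9e-4eac-a4ca-6400da4f5367",
                RedirectUri = "https://localhost:44305/",
                MetadataAddress = "https://login.windows.net/rapmlsqa.com/.well-known/openid-configuration",
                SignInAsAuthenticationType = DefaultAuthenticationTypes.ExternalCookie,

                // The metadata document supplies the signing keys; pin the issuer as well so a
                // token minted for a different tenant is rejected even though it is validly signed.
                TokenValidationParameters = new TokenValidationParameters
                {
                    ValidateIssuer = true,
                    ValidIssuer = "https://sts.windows.net/TENANT-ID-PLACEHOLDER/" // assumed value
                },

                Notifications = new OpenIdConnectAuthenticationNotifications
                {
                    AuthenticationFailed = context =>
                    {
                        // A bad or expired token should not surface as a 500 page: log it,
                        // swallow the exception and send the user back to the login page.
                        System.Diagnostics.Trace.TraceError(context.Exception.ToString());
                        context.HandleResponse();
                        context.Response.Redirect("/Account/Login?error=oidc");
                        return Task.FromResult(0);
                    }
                }
            });
        }
    }
}
```

Two things to check when adapting this: the RedirectUri must match, character for character, the reply URL registered for the ClientId at the IDP, or the authorization response is refused; and the issuer pinned in TokenValidationParameters must be the one advertised in the metadata document's "issuer" field, otherwise every sign-in fails validation.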
Re-reading the architectural primer on OWIN also helped: http://www.cloudidentity.com/blog/2014/05/11/openid-connect-and-ws-fed-owin-components-design-principles-object-model-and-pipeline/
The look and feel is such that our AAD-proxied IDP is treated as if it were just another external IDP, similar to Google.
The difference between this and "organizational authentication" is subtle, since there are two meanings of that term. If one creates the MVC project USING the organizational authentication option, one gets a WIF pipeline that talks to the AAD/IDP. Here we are talking to the same AAD/IDP using the OWIN pipeline (and using the OpenID Connect protocol, if it matters).
We see local account linking take place,