Lync/Skype discovery with AAD credentials


The Office 16 preview gives us a glimpse of how the OpenID Connect middleware in AAD has been grafted onto the webticket infrastructure (of old).

image

The basic discovery of endpoints, given a tenant-bound user name.

Next, we see a block of protocol requests designed to get access to a secondary discovery service:

image

Note the OpenID Connect AAD-based authorization header, alongside the webticket header.

image

MEX of an STS, armed with OAuth-related policy for the Issue (token) action.

image

MEX of a cert provisioning STS (GetAndPublish verb, vs. Issue/Refresh etc.).

This is as far as we get with rapstaff@rapmlsqa.com. With Microsoft's own IDP, based on the name admin@netmagic.onmicrosoft.com, we get a little further (but no successful login).

image

About home_pw@msn.com

Computer Programmer who often does network administration with focus on security servers. Very strong in Microsoft Azure cloud!