OWIN pipeline to ACS and thence to Google OpenID Connect


We create an ACS gateway by pointing the OWIN WS-Federation middleware at the ACS namespace (the realm is the application ACS knows as the RP, and the metadata address is where the middleware discovers everything else):


    app.UseWsFederationAuthentication(new WsFederationAuthenticationOptions
    {
        Wtrealm = "https://ssoportal.rapmlsqa.com/spssohandler.aspx/bari",   // RP identifier registered in ACS
        MetadataAddress = "https://bariazuressoowin.accesscontrol.windows.net/FederationMetadata/2007-06/FederationMetadata.xml", // issuer, endpoint and signing keys come from here
        Wreply = "https://localhost:44320/",                                   // where ACS posts the token back
    });

And tie it to a new RP in ACS (an Azure AD sample application).

To ACS, we wish to add Google as the IdP. So, in the Google developer console, we register the ACS RP as a client in our cloud identity project, which yields the credentials ACS will present to Google:

Client ID: 328410290065-hmthip0eq46a0kjfnmr74f7huaa9h6l8.apps.googleusercontent.com

Email address: 328410290065-hmthip0eq46a0kjfnmr74f7huaa9h6l8@developer.gserviceaccount.com

Client secret: ZxfAlDen5wpisd7pkfBIWIlO

Redirect URIs:

JavaScript origins:

(The client secret is a bearer credential for this project; once it has been published, as here, it should be regenerated in the developer console and the new value re-entered in ACS.)

Note that we also enable the Google+ API for the project.

Back in ACS, we plug in the parameters (the client ID and client secret from the previous step) on the Google identity provider:

In an end-to-end trial, we see that the OWIN pipeline configures itself entirely from the ACS federation metadata: the issuer, the passive requestor endpoint and the signing certificate are all discovered from MetadataAddress. This works when ACS signs the RP's token with its service namespace certificate.

Note a gotcha. If ACS is configured to sign this RP's tokens with a different certificate (one assigned to the RP rather than the namespace certificate), that certificate is NOT published in the ACS federation metadata, so the OWIN pipeline cannot resolve the key identifier referenced by the token's signature and fails with a key ID error when it validates the token. The check is to compare the thumbprint in the token's KeyInfo with the signing certificates listed in FederationMetadata.xml; the fix is either to switch the RP back to the namespace certificate in the ACS portal or to hand the RP certificate to the middleware explicitly (for example through TokenValidationParameters on WsFederationAuthenticationOptions) instead of relying on metadata discovery.
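As an added example (not code from the original post or from the OWIN middleware), the following Python script shows what the middleware derives from MetadataAddress and turns the gotcha above into a check: it parses a constructed, cut-down FederationMetadata.xml for the namespace used in this post, extracts the issuer, the passive endpoint and the published signing-certificate thumbprints, and then tests whether the SHA-1 thumbprint referenced by a token's KeyInfo is among them. The certificate bytes, the token KeyInfo and the /v2/wsfederation endpoint are constructed placeholders, not real ACS output.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
    "wsa": "http://www.w3.org/2005/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
THUMBPRINT_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"

# Constructed placeholders standing in for DER-encoded certificates (not real certs).
NAMESPACE_CERT_DER = b"constructed-placeholder: ACS service namespace signing cert"
RP_SPECIFIC_CERT_DER = b"constructed-placeholder: cert assigned only to this RP"


def b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


# Constructed, cut-down FederationMetadata.xml: only the namespace cert is published,
# which is exactly the situation behind the gotcha. Endpoint path is assumed.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:wsa="http://www.w3.org/2005/08/addressing"
    entityID="https://bariazuressoowin.accesscontrol.windows.net/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{b64(NAMESPACE_CERT_DER)}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <wsa:EndpointReference>
        <wsa:Address>https://bariazuressoowin.accesscontrol.windows.net/v2/wsfederation</wsa:Address>
      </wsa:EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""


def thumbprint(der: bytes) -> str:
    """SHA-1 thumbprint of a DER certificate, upper-case hex as certmgr shows it."""
    return hashlib.sha1(der).hexdigest().upper()


def parse_metadata(xml_text: str) -> dict:
    """The pieces the OWIN WS-Fed middleware takes from MetadataAddress."""
    root = ET.fromstring(xml_text)
    cert_path = ("md:RoleDescriptor/md:KeyDescriptor[@use='signing']"
                 "/ds:KeyInfo/ds:X509Data/ds:X509Certificate")
    certs = [base64.b64decode(el.text.strip()) for el in root.findall(cert_path, NS)]
    addr = root.find("md:RoleDescriptor/fed:PassiveRequestorEndpoint"
                     "/wsa:EndpointReference/wsa:Address", NS)
    return {
        "issuer": root.get("entityID"),
        "passive_endpoint": addr.text.strip() if addr is not None else None,
        "signing_thumbprints": [thumbprint(c) for c in certs],
    }


def sample_token_keyinfo(der: bytes) -> str:
    """Constructed <KeyInfo> in the shape ACS uses inside a signed assertion:
    a WS-Security thumbprint reference to the signing cert, not the cert itself."""
    tp_b64 = b64(hashlib.sha1(der).digest())
    return f"""<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
  <o:SecurityTokenReference xmlns:o="{NS['wsse']}">
    <o:KeyIdentifier ValueType="{THUMBPRINT_SHA1}">{tp_b64}</o:KeyIdentifier>
  </o:SecurityTokenReference>
</KeyInfo>"""


def key_identifier_thumbprint(keyinfo_xml: str) -> str:
    """Thumbprint named by the token's KeyIdentifier, as upper-case hex."""
    el = ET.fromstring(keyinfo_xml).find("wsse:SecurityTokenReference/wsse:KeyIdentifier", NS)
    if el is None or el.get("ValueType") != THUMBPRINT_SHA1:
        raise ValueError("unsupported KeyInfo: expected a ThumbprintSHA1 KeyIdentifier")
    return base64.b64decode(el.text.strip()).hex().upper()


def resolve_signing_key(metadata: dict, keyinfo_xml: str) -> bool:
    """Mirrors the pipeline's key lookup: True if the token's key id matches a
    published signing cert; False is the key ID failure described in the gotcha."""
    return key_identifier_thumbprint(keyinfo_xml) in metadata["signing_thumbprints"]


if __name__ == "__main__":
    md = parse_metadata(SAMPLE_METADATA)
    print("issuer:", md["issuer"])
    print("passive endpoint:", md["passive_endpoint"])
    print("published signing keys:", md["signing_thumbprints"])
    print("namespace-cert token resolves:", resolve_signing_key(md, sample_token_keyinfo(NAMESPACE_CERT_DER)))
    print("RP-specific-cert token resolves:", resolve_signing_key(md, sample_token_keyinfo(RP_SPECIFIC_CERT_DER)))
```

To run the same check against a live namespace, fetch the real FederationMetadata.xml from the MetadataAddress above and feed it to parse_metadata; the second result going False is the signal that the RP has been given a certificate the metadata does not advertise.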

About home_pw@msn.com

Computer Programmer who often does network administration with a focus on security servers. Very strong in Microsoft Azure cloud!

This entry was posted in AAD.