How to make active login to Windows Azure ACS

Question

How to make active login to Windows Azure ACS

I have installed ASUS ACS. I have several IP addresses configured; one of which is an ordinary STS. A “passive” scenario - in which browser redirection is used to get a token from ip to acs and back to my RP - works like a charm. In a passive scenario, you can use homerealm to "guide" the ACS to the IP-STS of my choice.
Now I wonder if something like this is possible in an active scenario. More specifically: can I get a token from ACS by specifying a username and password (and some IP address identifier that will handle the username password) in ACS.

(I want to save custom STS information from my clients so that I do not request a custom STS for the token directly )

+4

wif azure access-token acs

Willy Van den Driessche Nov 14 '12 at 13:40

source share

2 answers

Active authentication flow does not work that way. Credentials do not go to ACS, but to IdP directly through the WS-Trust protocol. As an example, consider the ACS Federated Authentication example.

None of the protocols supported by ACS allows you to transfer credentials through a federation provider in the way that you offer directly (this will create an unnecessary security problem, since these credentials will be displayed in FP), but the fact that these creds go to IdP instead of ACS, should be invisible to the end user.

0

Oren melzer Nov 14 '12 at 20:05

source share

Willy Van den Driessche · Accepted Answer · 2012-12-06T18:26:05+0000

Ok, I found it. I need a two-way process. First, request a token on user strings using the username and password (with the audience installed on the acs sts endpoint). Then "exchange" this token for the token issued by ACS, as in: fooobar.com/questions/1446008 / ... n

How to make active login to Windows Azure ACS

More articles: