[Moved] Access Control Service Samples and Documentation

When I try to sign with a custom sts with WIF througth AC, I receive a 404 http error when i put my username and password in sts login form. If i try to authenticate with Live Id oor Facebook, i haven't the problem.

Any hint?

Thanks

Where can I get the public key for the Default Asymmetric Token Signing Key X.509 Certificate created for my service namespace?

Hi,

same as rsdev5, I'm trying the MVC service sample, and I'm setting up the STS by uploading a new X.509 cert made by MakeCert (signing cert).

When I try to download the federation metadata (https://cdr-test2-sb.accesscontrol.appfabriclabs.com/FederationMetadata/2007-06/FederationMetadata.xml) I get the following error message:

Sorry, an error occurred while processing your request.

HTTP Error Code: 400
Message: No tenant signing key of type X509 certificate is provisioned.
Trace ID: b5e94475-de72-4b23-9c7d-5fc7dfa77aba

When i try to modify cert settings from the STS portal i get the following error:

Sorry, an unexpected error occurred while processing your request.

HTTP Error Code: 500
Message: Internal Server Error.
Trace ID: 0e14d4e4-6ebe-456d-9a75-5339cf3db3de

Any hint?

Thanks.

Hi,

I was trying the ASPNET Simple Service example.
Very good doc but I can't get it to work.

I have 2 problems:
1. Clicking on Certificates and Keys shows an error: "Sorry, an unexpected error occurred while processing your request."
2. When I use 'acssample' as the wrap user (after creating a Service Identity with that name) I get an exception saying:
Error:Code:401:SubCode:T0:Detail:ServiceIdentityNotFoundInDataStore

Even though I see it on the portal.

Am I missing something?

Thanks

Hi Rlmorgan,
all that you see here is perfectly in line with the "geneva" vision. This new release of ACS adds support to many new protocols to the offering currently in production, all based on claims and all interoperable to the extent of the state of the art of claims-based standards today. Those protocols and identity providers were added in response to community feedback: thanks to its nature of hosted service, it is perfectly feasible that more protocols will be added in subsequent releases.
Also note: although ACS provides a very handy gateway for securing access to services hosted in Windows Azure, you are by no means constrained by it. In Windows Azure you can run arbitrary code and even pursue approaches based on non-Microsoft technologies such as PHP. From your code you can decide to trust whatever identity provider and whatever protocol fits your needs, ACS or on-premises instances of ADFS2 are just possible choices among the full range of identity providers your code can support. If you elect to stick with Microsoft technologies, *at this point in time* the SAML protocol is natively supported only in ADFS2: but I would not conclude that Microsoft is not true to the Geneva vision. In fact, in my opinion the sheer number of open protocols and web identity providers supported in the latest ACS release is a GREAT example of our willingness to execute on that vision.
Best,

Vittorio

So I have to install ADFSv2 in order to authenticate to Azure? This seems entirely opposite to the openness to protocols and IdP implementations promised by the work formerly called Geneva. Can Microsoft explain why it has reneged on this promise? Is there something difficult about supporting SAML?

WIF supports the SAML token format but not the protocol. You could use AD FSv2 which does support SAML 2.0 IdP lite to translate it to WS-Fed and pass to ACS.

Why is there no support for SAML protocol? I have 500,000 users in my organizational SAML IdP, and another 150 SAML IdPs in our federation. WIF supports SAML, doesn't it?