I've just finished getting an implementation going of MSTest with GMock, and I wanted to document all things necessary to use GMock in a testing framework other than GTest. To get GMock to build in VS2008, I had to install the Visual Studio 2008 Feature Pack. This was so I could get full TR1 support, specifically std::tr1::tuple.
Other coworkers of mine haven't needed to install the Feature Pack, though I presume that they didn't need to because they had SP1 installed (which I thought I had installed).
You should assert that this method returns True. If you don't include this method call, then your testing framework won't be able to catch the GTest exceptions that will get thrown if the GMock's expectations aren't met.
Those are the only points I wanted to put out there at this point.
When I run into more bumps in the road I'll be sure to publish them.

Having presented quite a few sessions on Claims Based Identity and Access Control Service I still see quite a few participants confused on how to get started. While most of them are able to understand the underlying business motivation, they are lost amidst all the new terms like SAML, SWT, OAuth, WRAP, WIF, ACS, ADFS, Claims, Active / Passive Federation, etc. Let's get them in turn.

At the heart of these offerings is the below simple block diagram, which drives the key concept: relying on a trusted external entity (the identity provider) for authenticating users and providing user attributes (claims), which saves our services / applications from identity nightmares. So, for your service or your application, you establish trust with an identity provider (IP) by sharing an X509 certificate or a shared secret. Clients or users of your service / application no longer connect with you for authentication; rather, they authenticate with an identity provider to get back a claims token. That token is then presented to your service / application. As your service / application has a trust established with that IP, it can validate the trust of the incoming token and then use the claims bundled in it to authorize the level of access for the client / user.

The above flow becomes a little complex when the relying party (RP), that is, your service / application, needs to trust multiple identity providers (for instance, you are offering a multi-tenant service for individuals and corporates, with each of them having a different identity provider). Not only would the RP have to establish trust with all these providers, but the identity providers too would have to register this RP to issue tokens on request. This is where a mediator called a federation provider comes into the picture. The RP gets registered only with the federation provider, and the federation provider in turn is registered with and trusted by the various identity providers. Hence it simplifies a many-to-many relationship into an easily manageable one-to-one. Access Control Service (ACS) is a federation provider hosted on Windows Azure.

You will also find two federation terms used quite frequently – passive and active federation. Passive federation is associated with web applications (or rather web browsers), where authentication happens via a set of redirects. Active federation is associated with web services and clients that explicitly get authenticated.

Once a client authenticates with the identity provider he gets a token back. There are two token formats supported by Access Control Service – SAML and SWT. SAML exchange happens over WS-* protocols, while SWT tokens are usually transferred over OAuth WRAP / OAuth 2.0 protocols (details here). You are most likely to use SWT tokens for RESTful services hosted in Azure. You can find more details about these token formats explained here.

ACS would accept either of the token formats as input and would also return either of them as output. For instance, there could be scenarios where you get a SAML token from ADFS (the corporate identity provider), you use that to get authenticated with ACS, and ACS returns you an SWT token, which in turn is used to access a protected REST service (offered by a business partner). To see SWT tokens and OAuth WRAP in action protecting a WCF REST service (active federation), I would recommend you have a look at the ACS samples.