
I've been browsing a lot on both StackOverflow and a bunch of different Microsoft-associated sites and looking at examples etc., but I think I'm missing a few key points to the problem in hand.

Scenario: I'm developing a site that uses Yammer (Facebook-style page for those of you who don't know) as an Identity Provider together with ACS to provide the security for my site.

Now I've been trying to follow along with a bunch of exercises from MS on how to build those custom providers (Identity Developer Training Kit), but to the question: do I actually have to build them? Isn't there a way to configure ACS to handle my tokens from Yammer (PowerShell commands?)? Or do I have to create an STS provider site and "bridge" Yammer and actually provide ACS with my "own" tokens?

So this question is a little bit of an extension of another one.

Per Svensson

1 Answer


The ACS does not support OAuth 2.0 for authentication.

As I understand it, OAuth is for Authorization; the ACS is for Authentication.

It does support WS-Federation and OpenID (although only through the API) identity providers; you just need to add the configuration in the ACS.

So if Yammer has an OpenID or WS-Federation, you're in business.

If not, it's fairly straightforward to build your own identity provider (thinktecture have one you can use as a starting point: http://weblogs.thinktecture.com/cweyer/2009/05/thinktecture-security-token-service-starter-kit---or-look-ma-even-i-can-have-a-sts.html) which you could use to 'bridge the gap' between some other authentication method and the ACS. You would just need to register it as a WS-Federation identity provider in the ACS using its FederationMetadata.xml file. Your identity provider would then need to determine whether the user is authentic or not.

Richard Astbury
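
The answer's last step registers the bridging STS through its FederationMetadata.xml. As an added example (not part of the original answer, and not thinktecture's or Microsoft's code), the following reads such a document and reports the issuer name, passive sign-in endpoint and signing-certificate thumbprints to review before registering it. The host `sts.example.test`, the placeholder certificate bytes and the choice of checks are assumptions.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET  # use defusedxml for metadata you do not control
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Constructed sample for a hypothetical bridging STS; the certificate bytes are a placeholder.
SAMPLE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.example.test/">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:fed="{NS['fed']}"
      xsi:type="fed:SecurityTokenServiceType" protocolSupportEnumeration="{NS['fed']}">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{SAMPLE_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
    <fed:PassiveRequestorEndpoint><EndpointReference xmlns="{NS['wsa']}">
      <Address>https://sts.example.test/issue/wsfed</Address></EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor></EntityDescriptor>"""

def check_federation_metadata(xml_text):
    """Return (summary, problems) for a WS-Federation metadata document."""
    root = ET.fromstring(xml_text)
    summary = {"entity_id": root.get("entityID"), "passive_endpoint": None, "signing_thumbprints": []}
    problems = [] if summary["entity_id"] else ["missing entityID"]
    # The STS role is the RoleDescriptor whose xsi:type is SecurityTokenServiceType.
    sts = next((r for r in root.findall("md:RoleDescriptor", NS)
                if r.get(XSI_TYPE, "").split(":")[-1] == "SecurityTokenServiceType"), None)
    if sts is None:
        return summary, problems + ["no SecurityTokenServiceType role"]
    # Passive (browser redirect) sign-in endpoint; flag anything that is not HTTPS.
    addr = sts.findtext("fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", "", NS).strip()
    summary["passive_endpoint"] = addr or None
    if not addr:
        problems.append("no passive requestor endpoint")
    elif urlparse(addr).scheme != "https":
        problems.append("passive endpoint is not HTTPS")
    # Signing certificates: SHA-1 thumbprints of the DER bytes, for out-of-band comparison.
    for kd in sts.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":
            for cert in kd.findall(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                summary["signing_thumbprints"].append(hashlib.sha1(der).hexdigest().upper())
    if not summary["signing_thumbprints"]:
        problems.append("no signing certificate")
    return summary, problems
```

Comparing the reported thumbprint with the certificate actually installed on the STS catches a stale or substituted metadata file before the relying side starts trusting its tokens.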