I need my mobile application to allow authenticating either to a 3rd-party vendor (Facebook, Google, etc.) or to my own WS-Federation identity provider (I'm using Thinktecture). Now, when logging in to my own WS-Fed IdP I want to authenticate directly and pass the security token to Azure ACS (and not by using a dedicated login page). I need that because I don't want my users to authenticate using my provider by using a dedicated web page (and moving out of the context of the application).

Your help will be appreciated.

Please show users what you have tried so far for better responses. – Kundan

What kind of mobile application is it? Specifically, could you use WS-Trust to get your token? It is possible with .Net, not sure about other platforms... – Mike Goodwin

1 Answer

From your ACS management portal, get the list of identity providers for your realm from the link below:

https://YourNamespace.accesscontrol.windows.net/v2/metadata/IdentityProviders.js?protocol=wsfederation&realm=YourAppRealm&reply_to=YourAppReturnURL&version=1.0

Now try this:

  1. Do an HTTP GET on the identity providers link above.
  2. Parse the login link of the desired identity provider from the JSON response of that request.
  3. Authenticate the user with the login link received in the last step.
  4. You'll receive your ACS token.

Note: After step 3 the user will be asked to authenticate, and the identity provider will automatically send the authentication token to ACS; finally ACS will convert that token into a new ACS token and return it as in step 4.

In this way you'll bypass the login page and can grab the ACS token in the mobile application without moving out of the context of the application.
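Steps 1 and 2 of the answer above, as an added example that is not part of the original answer: it builds the IdentityProviders.js metadata URL with properly encoded `realm` and `reply_to` values and picks the login link for one provider out of the JSON response. The namespace, realm, return URL and JSON body are constructed sample values, and the field names (`Name`, `LoginUrl`) are an assumption about the ACS v2 metadata format that should be checked against your own namespace's response.

```python
import json
from urllib.parse import urlencode, urlparse

# Constructed sample of an IdentityProviders.js response (not captured from a
# real namespace). Field names are assumed; verify against your own ACS output.
SAMPLE_RESPONSE = json.dumps([
    {"Name": "Google",
     "LoginUrl": "https://example-ns.accesscontrol.windows.net/v2/wsfederation"
                 "?wa=wsignin1.0&wtrealm=urn%3Amy-app"},
    {"Name": "My WS-Fed IdP",
     "LoginUrl": "https://idp.example.org/issue/wsfed"
                 "?wa=wsignin1.0&wtrealm=urn%3Amy-app"},
    # A plain-http login link: the parser below drops it rather than sending
    # the user's credentials over an unprotected channel.
    {"Name": "Legacy IdP",
     "LoginUrl": "http://legacy.example.org/wsfed"},
])


def metadata_url(namespace, realm, reply_to):
    """Build the ACS IdentityProviders.js URL for step 1.

    urlencode percent-encodes realm and reply_to, so values containing
    ':' or '/' do not break the query string."""
    query = urlencode({
        "protocol": "wsfederation",
        "realm": realm,
        "reply_to": reply_to,
        "version": "1.0",
    })
    return (f"https://{namespace}.accesscontrol.windows.net"
            f"/v2/metadata/IdentityProviders.js?{query}")


def parse_identity_providers(body):
    """Step 2: map provider name -> login URL, keeping only https links."""
    providers = {}
    for entry in json.loads(body):
        name, login_url = entry.get("Name"), entry.get("LoginUrl")
        if not name or not login_url:
            continue
        if urlparse(login_url).scheme != "https":
            continue  # refuse non-TLS login endpoints
        providers[name] = login_url
    return providers


def login_url_for(body, provider_name):
    """Return the login link for the desired provider, or None if absent."""
    return parse_identity_providers(body).get(provider_name)
```

The ACS token from step 4 is posted back to the `reply_to` address, so whatever receives it must still validate the token's signature, audience and expiry before trusting it.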