The objective of this hands-on lab is to configure a Windows Azure AppFabric Access Control Service (ACS) tenant for use with the relying party created previously.
Sections:
Open https://portal.appfabriclabs.com/ and click on “create a project”
Type a name for the project
Click on the list item for the created project
Click on “Add Service Namespace”
Type a name for the service namespace and click on “Create”
The new tenant should now list a service namespace with links for configuration pages for Access Control, Cache and Service Bus services of that namespace
Select “Access Control” to view the ACS management page
On the ACS management page, click on “Identity Providers”. Click on “Add Identity Provider”
Select Google from the list of possible identity providers
Type a login text
Google should now appear on the identity providers list
On the ACS management page, click on “Relying Party Applications”. Click on “Add Relying Party Application”
Fill the form with the following values:
The relying party should now appear on the relying parties list
On the ACS management page, click on “Rule Groups”. An empty rule group for the relying party was generated when the relying party configuration was created. Click on that rule group to edit its rules.
Add a new rule by clicking on “Add Rule”
Fill the form with the following values:
The new rule should now appear on the rules list
Add a new rule and fill the form with the following values:
There should be two rules
In Visual Studio, open the Web.config file for the project created in the previous HOL and edit the following:
The value of the issuer attribute (of wsFederation): change it to the issuer you created.
The values of name and thumbprint of the item in the trustedIssuers collection. You can find the thumbprint on the certificate present in the metadata file (https://<your service>.accesscontrol.appfabriclabs.com/FederationMetadata/2007-06/FederationMetadata.xml). It is the base64-encoded value below EntityDescriptor\RoleDescriptor\KeyDescriptor\KeyInfo\X509Data\X509Certificate. Copy that value to a .cer file and open it.
You can also run the federation utility tool to reconfigure the application.
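An added example (not part of the original lab) that reads the thumbprint for the trustedIssuers entry directly from a saved copy of the metadata file, as a cross-check on the value shown when the .cer file is opened. The function name, the sample metadata and its placeholder certificate bytes are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def issuer_thumbprints(metadata_xml):
    """Return (entityID, [(use, SHA-1 thumbprint), ...]) from federation metadata."""
    root = ET.fromstring(metadata_xml)
    found = []
    # Same path the lab names: RoleDescriptor\KeyDescriptor\KeyInfo\X509Data\X509Certificate
    for key in root.findall("md:RoleDescriptor/md:KeyDescriptor", NS):
        cert = key.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
        if cert is None or not (cert.text or "").strip():
            continue
        # Metadata often wraps the base64 text across lines; strip whitespace first.
        der = base64.b64decode("".join(cert.text.split()), validate=True)
        # The thumbprint is the SHA-1 hash of the DER-encoded certificate.
        found.append((key.get("use", ""), hashlib.sha1(der).hexdigest().upper()))
    return root.get("entityID"), found

# Constructed sample: placeholder bytes stand in for a DER certificate.
CONSTRUCTED_DER = bytes(range(96))
_b64 = base64.b64encode(CONSTRUCTED_DER).decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://example.invalid/">
  <RoleDescriptor protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
          <X509Certificate>
            {_b64[:64]}
            {_b64[64:]}
          </X509Certificate>
        </X509Data>
      </KeyInfo>
    </KeyDescriptor>
  </RoleDescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    issuer, certs = issuer_thumbprints(SAMPLE_METADATA)
    print("issuer:", issuer)
    for use, thumbprint in certs:
        print(use, thumbprint)
```

To use it on the real file, pass the bytes of the downloaded FederationMetadata.xml to issuer_thumbprints. The result should match the Thumbprint field shown for the .cer file; if it does not, the wrong certificate was copied.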