Windows Azure App Fabric ACS v2 – Using Identity Providers such as Google, Yahoo and OpenID with your Windows Azure Application

ACS v2 comes with default Windows Live Passport support, so you can add a sign-in requirement to your application using Windows Live accounts. You can start digging into ACS v2 at the link below:

https://acs.codeplex.com


Custom OpenID Identity Providers

Custom OpenID identity providers can be set up in ACS using the management service. What you need to do is follow the samples for adding an identity provider, and add one of ProtocolType ‘OpenID’. Then, you need to manually perform OpenID discovery (I can provide some assistance here if needed) to get the identity provider’s sign-in URL, and add that as an IdentityProviderAddress of type ‘SignIn’. ACS will perform sign-in with any OpenID 2.0 identity provider, and will attempt to retrieve additional claims using the AttributeExchange extension, if supported by the provider.


At a high level, the objects you'll need are as follows (name and signInAddress are the values you supply; signInAddress is the URL found by OpenID discovery):

  // The issuer record the identity provider is linked to
  var issuer = new Issuer()
  {
      Name = name
  };

  // The identity provider itself, using the OpenID web SSO protocol
  var identityProvider = new IdentityProvider()
  {
      DisplayName = name,
      WebSSOProtocolType = "OpenId"
  };

  // The provider's sign-in endpoint, registered as an address of type SignIn
  var address = new IdentityProviderAddress()
  {
      EndpointType = "SignIn",
      Address = signInAddress
  };


You must use ACS v2 because ACS v1 does not support OpenID.


Here is the code snippet to programmatically set up Google as an IdentityProvider in Windows Azure App Fabric ACS v2:

  // Assumed context: 'msf' is the management service client factory used by the ACS v2
  // management samples, and the ManagementService proxy type comes from the service
  // reference those samples generate. SaveChangesOptions lives in System.Data.Services.Client.
  using System.Data.Services.Client;
  using System.Linq;

  string identityProviderName = "Google";

  ManagementService ms = msf.Create();
  var existing = ms.IdentityProviders.ToArray(); // existing providers, listed for inspection only

  // Save the Issuer first so that issuer.Id is populated before the provider references it
  Issuer issuer = new Issuer { Name = "Google" };
  ms.AddToIssuers(issuer);
  ms.SaveChanges(SaveChangesOptions.Batch);

  // Create Identity Provider
  IdentityProvider identityProvider = new IdentityProvider
  {
      DisplayName = identityProviderName,
      Description = identityProviderName,
      WebSSOProtocolType = "OpenId",
      IssuerId = issuer.Id
  };
  ms.AddObject("IdentityProviders", identityProvider);

  // Google's OpenID 2.0 endpoint (obtained via OpenID discovery), registered as the SignIn address
  IdentityProviderAddress googleRealm = new IdentityProviderAddress
  {
      Address = "https://www.google.com/accounts/o8/ud",
      EndpointType = "SignIn",
      IdentityProvider = identityProvider,
  };
  ms.AddRelatedObject(identityProvider, "IdentityProviderAddresses", googleRealm);
  ms.SaveChanges(SaveChangesOptions.Batch);


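The discovery step mentioned above (finding the provider's sign-in URL before registering it as the SignIn address) as an added example that is not from the original post or the ACS samples: it parses an XRDS document of the kind an OpenID 2.0 provider returns, picks out the OP endpoint and notes whether Attribute Exchange is advertised. The XRDS text is constructed for the example and the OpenIdDiscovery helper is my own name.

```csharp
using System;
using System.Linq;
using System.Xml.Linq;

// Added example (not from the original post): extract the OpenID 2.0 provider endpoint,
// i.e. the value to store as the 'SignIn' IdentityProviderAddress, from an XRDS discovery
// document, and check whether the provider advertises Attribute Exchange (AX).
static class OpenIdDiscovery
{
    // XRD namespace used by Yadis/XRDS documents in OpenID 2.0 discovery.
    static readonly XNamespace Xrd = "xri://$xrd*($v*2.0)";
    const string OpServerType = "http://specs.openid.net/auth/2.0/server";
    const string AxType = "http://openid.net/srv/ax/1.0";

    // Constructed sample XRDS document, modelled on the shape a provider returns for its
    // discovery URL. The endpoint matches the Google address used in the post.
    public const string SampleXrds =
        "<?xml version='1.0' encoding='UTF-8'?>" +
        "<xrds:XRDS xmlns:xrds='xri://$xrds' xmlns='xri://$xrd*($v*2.0)'>" +
        "<XRD><Service priority='0'>" +
        "<Type>http://specs.openid.net/auth/2.0/server</Type>" +
        "<Type>http://openid.net/srv/ax/1.0</Type>" +
        "<URI>https://www.google.com/accounts/o8/ud</URI>" +
        "</Service></XRD></xrds:XRDS>";

    // Returns (endpoint URL, AX advertised) or null when the document carries no
    // OpenID 2.0 server service or the endpoint is not https.
    public static Tuple<string, bool> FindOpEndpoint(string xrds)
    {
        var doc = XDocument.Parse(xrds);
        var service = doc.Descendants(Xrd + "Service")
            .FirstOrDefault(s => s.Elements(Xrd + "Type").Any(t => t.Value == OpServerType));
        if (service == null) return null;
        var uri = service.Element(Xrd + "URI");
        if (uri == null) return null;
        // Only accept an https endpoint: ACS redirects users here and the OpenID
        // response must not travel over plaintext.
        var endpoint = new Uri(uri.Value.Trim());
        if (endpoint.Scheme != Uri.UriSchemeHttps) return null;
        bool supportsAx = service.Elements(Xrd + "Type").Any(t => t.Value == AxType);
        return Tuple.Create(endpoint.AbsoluteUri, supportsAx);
    }

    static void Main()
    {
        var result = FindOpEndpoint(SampleXrds);
        Console.WriteLine(result == null
            ? "no OpenID 2.0 endpoint found"
            : result.Item1 + " (AX advertised: " + result.Item2 + ")");
    }
}
```

For a live provider you would fetch the discovery URL over HTTPS (for Google at the time, https://www.google.com/accounts/o8/id) and pass the response body to FindOpEndpoint; the returned URL is what goes into the SignIn IdentityProviderAddress.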
Good Read:

Hands on lab: Adding various Identity Providers i.e. Google, FaceBook, Yahoo with AppFabric Access Control Service 2.0

Claims-based Authentication: