Provisioning IssueTracker Enterprise:
- There’s no direct interaction with Access Control Service. IssueTracker uses the ACS API to create the scopes, rules and the issuer (Contoso).
- The provisioning form captures all the information required to set up the trust relationship between Access Control Service and the tenant (certificate, etc.)
Tenant (Contoso_Enterprise) uses IssueTracker Enterprise from a Smart Client (Active Profile):
- Tenant STS is configured:
  - Tenant name: this must be the same as the name used in the provisioning form.
  - Signing certificate thumbprint: this is used internally to retrieve the certificate from the store. The thumbprint can be obtained from the certificate properties.
Tenant Manages IssueTracker Enterprise from PowerShell scripts:
- PowerShell CmdLets are registered
- Management User disables the application (passing a parameter to define the reason)
- Business User attempts to use the system, gets an error message (with the above reason)
- Management User re-enables the application
Tenant changes STS configuration issuing different Claims:
- Tenant changes one of the output claims to “Program Manager”. In the real implementation this could be a user moving from one group in Active Directory to another
- System rejects access as the claim is not recognized as input to any rule in ACS
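
The rejection in the last scenario, as an added example that is not IssueTracker or ACS code: a simplified model of rule-based claim transformation in which a claim that matches no rule input produces no output claims, so access is denied. The claim type URIs, the "Business User" claim value, the output claim and the "Fabrikam" issuer are hypothetical; only the issuer name Contoso and the "Program Manager" value come from the walkthrough.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Claim:
    issuer: str
    type: str
    value: str

@dataclass(frozen=True)
class Rule:
    # A rule fires only on an exact (issuer, type, value) match of its input claim.
    match: Claim
    output_type: str
    output_value: str

class AccessDenied(Exception):
    pass

def transform(rules, input_claims):
    """Map tenant-issued claims to application claims; deny when nothing maps."""
    outputs = [
        (r.output_type, r.output_value)
        for c in input_claims
        for r in rules
        if r.match == c
    ]
    if not outputs:
        # Default deny: an unrecognized claim yields no output claims, so no access.
        raise AccessDenied("no rule accepts the presented claims")
    return outputs

# Constructed sample data: claim types and rule values are hypothetical.
GROUP = "http://example.test/claims/group"
ACTION = "http://example.test/claims/action"
RULES = [
    Rule(Claim("Contoso", GROUP, "Business User"), ACTION, "UseIssueTracker"),
]

def is_allowed(claims):
    try:
        return bool(transform(RULES, claims))
    except AccessDenied:
        return False

if __name__ == "__main__":
    print(is_allowed([Claim("Contoso", GROUP, "Business User")]))    # rule matches
    print(is_allowed([Claim("Contoso", GROUP, "Program Manager")]))  # no rule input matches
    print(is_allowed([Claim("Fabrikam", GROUP, "Business User")]))   # issuer not provisioned
```

Because rules are keyed on the issuer as well as the claim value, a recognized value presented by an issuer that was never provisioned is rejected the same way as an unrecognized value from Contoso.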