Major update to ACS now available


Today I’m excited to announce a major update to ACS. It’s available in our labs environment: http://portal.appfabriclabs.com. Keep in mind that there is no SLA around this release, but accounts and usage of the service are free while it is in the labs environment.

This release includes many of the features I discussed late last year: http://blogs.msdn.com/b/justinjsmith/archive/2009/09/28/access-control-service-roadmap-for-pdc-and-beyond.aspx. Here’s a snapshot of what’s in this release:

  • Integrates with Windows Identity Foundation (WIF) and tooling
  • Out-of-the-box support for popular web identity providers including: Windows Live ID, Google, Yahoo, and Facebook
  • Out-of-the-box support for Active Directory Federation Server v2.0
  • Support for OAuth WRAP, WS-Trust, and WS-Federation protocols
  • Support for the SAML 1.1, SAML 2.0, and Simple Web Token (SWT) token formats
  • Integrated and customizable Home Realm Discovery that allows users to choose their identity provider
  • An OData-based Management Service that provides programmatic access to ACS configuration
  • A Web Portal that allows administrative access to ACS configuration

There’s quite a bit more information available on our CodePlex project: http://acs.codeplex.com. There you will find documentation, screencasts, samples, readmes, an issue tracker, and discussion lists.

Also check out the Channel 9 video at https://channel9.msdn.com/shows/Identity/Introducing-the-new-features-of-the-August-Labs-release-of-the-Access-Control-Service.

Like always, I encourage you to check it out and let the team know what you think.

Comments (4)

  1. MIke says:

    How well integrated is OAuth – as I think this would be the the service most in demand right now. Any other resources on OAuth with ACS?

  2. Brad says:

    This is some really nice new features.  I am going to check it out in the labs environment.  So, is there an estimated release date or time frame for the new ACS features into the production Azure environment?  A target quarter would be good enought for me.  

  3. RockyH says:

    Mike, I beleive(and Justin correct me if I'm wrong)  that you could consider the integration with OAuth very complete because the new OAuth standard is based on the WRAP v0.9 which came from the work done with Microsoft, Google, Yahoo and a couple others to determine the WRAP.  

  4. freak says:

    Need a little bit of help with an exception that is being generated at ACS end.

    Scenario is that i am trying to add my own STS to ACS v2 Labs, using nothing but default WIF template for local STS.

    Whati have done is that i created a Custom STS using WIF. It has nothing in it, just simple default STS what comes up with the second option in FedUtil i.e. Local STS.

    I then went to ACS Labs portal and uploaded this FederationMetadata.xml as an ADFS 2.0 Identity provider.

    It is using SQL Membership provider for authentication and for Login purpose i am using Login control. I haven't added any other piece of code other than the following entry in the class CustomSecurityTokenService

    static readonly string[] PassiveRedirectBasedClaimsAwareWebApps = { "stsdemoacs.accesscontrol.appfabriclabs.com/" };

    Now, after it is authenticated, it is redirected to Default.aspx of itself (custom STS) and it exceptions out at/after the following method call in the Default.aspx.cs of CUSTOM STS:

                       FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);

    I have no idea of what the exception is at it appears to be happening at ACS end, as the URL in my address bar changes  to stsdemoacs.accesscontrol.appfabriclabs.com.

    Is there something that i am not passing to ACS correctly? I am not having this issue with an ASP.NET website and it works fine.

Skip to main content