Windows Azure AppFabric LABS September release now available

Today we deployed an incremental update to the Access Control Service in the Labs environment. It’s available here: Keep in mind that there is no SLA around this release, but accounts and usage of the service are free while it is in the labs environment.


This release builds on the prior August release of the Access Control Service, and adds the following features:


·        Support for OAuth 2.0 Web Server and assertion profiles (

·        Additional support for X.509 certificate authentication via WS-Trust and Service Identities

·        The ability to map Identity Providers to Relying Parties

·        Several updates to the Management Web Portal:

o   Upload a WS-Fed Metadata file through the portal

o   Additional fields uploading encrypting and decrypting certificates

o   Expanded support for machine keys (password, symmetric key, and X.509) and creation of valid usage dates


We’ve also added some more documentation and updated samples on our CodePlex project:


For more information about the Access Control Service, see the Channel 9 video at


Like always, I encourage you to check it out and let the team know what you think.


The Windows Azure AppFabric Team

Comments (1)

  1. freak says:

    Need a little bit of help with an exception that is being generated at ACS end.

    Scenario is that i am trying to add my own STS to ACS v2 Labs, using nothing but default WIF template for local STS.

    Whati have done is that i created a Custom STS using WIF. It has nothing in it, just simple default STS what comes up with the second option in FedUtil i.e. Local STS.

    I then went to ACS Labs portal and uploaded this FederationMetadata.xml as an ADFS 2.0 Identity provider.

    It is using SQL Membership provider for authentication and for Login purpose i am using Login control. I haven't added any other piece of code other than the following entry in the class CustomSecurityTokenService

    static readonly string[] PassiveRedirectBasedClaimsAwareWebApps = { "" };

    Now, after it is authenticated, it is redirected to Default.aspx of itself (custom STS) and it exceptions out at/after the following method call in the Default.aspx.cs of CUSTOM STS:

                       FederatedPassiveSecurityTokenServiceOperations.ProcessSignInResponse(responseMessage, Response);

    I have no idea of what the exception is at it appears to be happening at ACS end, as the URL in my address bar changes  to

    Is there something that i am not passing to ACS. I am not having this issue with a ASP.NET website and it works fine.

Skip to main content