Wildcard / Dynamic Realm

    Question

  • This seems like it would be so obvious, but I can't seem to find an example.

    This forum answer refers to dynamic realms and provides a good example on building the proper realm request to ACS.

    http://social.msdn.microsoft.com/Forums/en-US/windowsazuresecurity/thread/c5a265bd-e5f7-419e-a079-fca9a19e7ec3

    However, I get the following error:
    ACS50001: Requested relying party realm 'http://tenant.localhost.company.com/' is unknown

    My question is simple: how do you specify wildcard names in the ACS management portal for a realm? I tried setting the Realm on my Relying Party to *.localhost.company.com and that did not work (see error).


    || Aaron Elder - Dynamics CRM MVP || http://xrm.ascentium.com/blog/crm

    Monday, April 16, 2012 5:34 PM


All replies

  • You can't do that on the ACS side. You have to explicitly set up an RP for each realm.

    You may be better off having a single realm, and when ACS returns the token to the root site, you have code that figures out which tenant should receive the token.


    Developer Security MVP | www.syfuhs.net

    • Proposed as answer by ProVega Wednesday, April 18, 2012 8:56 PM
    • Marked as answer by Aaron E. _ Wednesday, April 18, 2012 8:58 PM
    Monday, April 16, 2012 7:48 PM
  • Thank you for the reply.

    That is what I was afraid of. As I have read more, this seems like a possible way to go.

    Is there a best practice here? Is there any easy way I can pass a querystring token to the ReturnUrl? The workflow is: a user will go to orgname.company.com, I need them to sign in to app.company.com, then redirect them back to orgname.company.com.

    Monday, April 16, 2012 7:58 PM
  • Hi,

    Yes, ReturnUrl can be edited but Realm cannot; it is not safe if the ACS RP can be updated while the application is running.

    Try to follow:

    http://msdn.microsoft.com/en-us/library/windowsazure/hh180180.aspx

    Hope this helps.


    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

    Tuesday, April 17, 2012 6:38 AM
  • It looks like the best way to pass this is via wctx (context), as it is the only parameter that is always passed and transparent to the various systems in the chain.
    • Proposed as answer by ProVega Wednesday, April 18, 2012 8:56 PM
    • Marked as answer by Aaron E. _ Wednesday, April 18, 2012 8:58 PM
    Wednesday, April 18, 2012 8:56 PM
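The routing that the two accepted answers above describe (one realm registered in ACS, the tenant carried in wctx, and code on the root site that decides which tenant receives the token) as an added example. This is not code from this thread, from ACS or from WIF; it assumes a constructed ACS namespace, a company.com tenant domain, and an allow-list of tenants, and it assumes validation of the wresult token itself happens elsewhere. The point it adds is that ACS passes wctx through unchanged and the token signature does not cover it, so the root site must check the tenant it names against its own list before redirecting anywhere.

```python
from typing import Optional
from urllib.parse import urlencode, parse_qs, urlsplit

# All values below are constructed for this example.
ACS_SIGNIN = "https://example-namespace.accesscontrol.windows.net/v2/wsfederation"  # placeholder namespace
REALM = "http://app.company.com/"          # the single RP realm registered in ACS
KNOWN_TENANTS = {"orgname", "contoso"}     # tenants this deployment actually serves
TENANT_DOMAIN = "company.com"


def build_signin_url(tenant: str) -> str:
    """Return the WS-Federation sign-in request URL for `tenant`.

    wtrealm and wreply always name the one registered RP; the tenant travels
    in wctx, which ACS echoes back untouched when it posts the token to wreply.
    """
    if tenant not in KNOWN_TENANTS:
        raise ValueError(f"unknown tenant: {tenant}")
    params = {
        "wa": "wsignin1.0",
        "wtrealm": REALM,
        "wreply": REALM,
        "wctx": urlencode({"tenant": tenant}),   # opaque context string, e.g. "tenant=orgname"
    }
    return f"{ACS_SIGNIN}?{urlencode(params)}"


def tenant_from_wctx(wctx: str) -> Optional[str]:
    """Extract the tenant from an echoed wctx, or None if it is not allow-listed.

    wctx is not covered by the token signature and can be set by whoever built
    the sign-in URL, so it is treated as untrusted input: exactly one tenant
    value is expected and it must be one this site knows.
    """
    values = parse_qs(wctx).get("tenant", [])
    if len(values) != 1:
        return None
    return values[0] if values[0] in KNOWN_TENANTS else None


def redirect_after_signin(form: dict) -> str:
    """Decide where the root site sends the browser once ACS has posted the token.

    `form` is the POST body ACS sends to wreply (wa, wresult, wctx). Validating
    wresult is assumed to be done by the federation module before this runs;
    this function only routes the signed-in user to the right tenant host.
    """
    if form.get("wa") != "wsignin1.0" or "wresult" not in form:
        raise ValueError("not a sign-in response")
    tenant = tenant_from_wctx(form.get("wctx", ""))
    if tenant is None:
        return f"https://app.{TENANT_DOMAIN}/"   # safe default: stay on the root site
    return f"https://{tenant}.{TENANT_DOMAIN}/"


if __name__ == "__main__":
    url = build_signin_url("orgname")
    print(url)
    # Constructed response: what ACS would POST back to the wreply endpoint.
    response = {
        "wa": "wsignin1.0",
        "wresult": "<t:RequestSecurityTokenResponse .../>",  # placeholder token
        "wctx": parse_qs(urlsplit(url).query)["wctx"][0],
    }
    print(redirect_after_signin(response))
```

Falling back to the root site rather than erroring keeps a tampered wctx from turning the sign-in endpoint into a redirector to an arbitrary host, which is the same reason the realm itself is kept fixed instead of being built from the tenant name.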