Export (0) Print
Expand All

6 Appendix A: Product Behavior

The information in this specification is applicable to the following Microsoft products or supplemental software. References to product versions include released service packs:

  • Windows Server 2003 operating system

  • Windows XP operating system

  • Windows Vista operating system

  • Windows Server 2008 operating system

  • Windows 7 operating system

  • Windows Server 2008 R2 operating system

  • Windows 8 operating system

  • Windows Server 2012 operating system

  • Windows 8.1 operating system

  • Windows Server 2012 R2 operating system

Exceptions, if any, are noted below. If a service pack or Quick Fix Engineering (QFE) number appears with the product version, behavior changed in that service pack or QFE. The new behavior also applies to subsequent service packs of the product unless otherwise specified. If a product edition appears with the product version, behavior is different in that product edition.

Unless otherwise specified, any statement of optional behavior in this specification that is prescribed using the terms SHOULD or SHOULD NOT implies product behavior in accordance with the SHOULD or SHOULD NOT prescription. Unless otherwise specified, the term MAY implies that the product does not follow the prescription.

<1> Section 1.5: The configuration serverURL is stored in registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Passport and, by default, contains the value "http://nexus.passport.com/rdr/pprdr.asp".

<2> Section 2.2.1: The Windows-based client sends this value to the partner server via an HTTP redirect after it receives it from the AS.

<3> Section 2.2.3: Windows Passport authentication server implementations include an Authentication Server-Instructed Update message with every Token Response message.

<4> Section 2.2.8: The Windows-based client processes the Partner Server Challenge message only when returned with a 302 HTTP status code.

<5> Section 2.2.9: The Windows-based client processes the tokens, which are set as cookies, as part of the message. The Windows-based client does process the Authentication-Info header in the message. The Windows-based client also does normal processing of any HTTP status codes per the HTTP standard.

<6> Section 3.1.1: The Windows-based client does store this state.

<7> Section 3.1.5.1: A Windows client compares the condition to the list of installed security support providers (SSPs) on the box.

<8> Section 3.1.5.2: The client always takes the values of sign-in and Pwd from its Cached User Credentials if credentials are stored there and if the prompt predicate parameter is absent from the Authentication Server Challenge message.

<9> Section 3.1.5.7: All tname parameter values sent to the client are ignored.

<10> Section 3.1.5.8: All tname parameter values sent to the client are ignored.

<11> Section 3.3.5.1: The Microsoft Passport authentication server implementation does not include any tname parameter values in its Token Response messages.

<12> Section 3.3.5.1: The Microsoft Passport authentication server includes an Authentication Server-Instructed Update message with every Token Response message.

<13> Section 3.3.5.2: The Microsoft Passport authentication server implementation does not include any tname parameter values in its Token Response messages.

The Microsoft Passport authentication server sets cookies only if cookies are not already set, or if cookies are set and the authentication server performed additional verification on the data contained in the cookies. Verification consists of verifying user account status and is Passport authentication server-specific.

<14> Section 3.3.5.2: The Microsoft Passport authentication server includes an Authentication Server-Instructed Update message with every Token Response message.

 
Show:
© 2014 Microsoft