ACS Architecture

Published: April 7, 2011

Updated: February 21, 2014

Applies To: Azure

This topic outlines the architecture and key components of Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS).

ACS v2 Architecture

The ACS Security Token Service (STS) is the set of endpoints that issue tokens to your relying party applications. In other words, STS is the service that ACS uses to provide federated authentication to your web applications and services. ACS supports a variety of protocols that allow it to be accessed from any web platform including .NET Framework, WCF, Silverlight, ASP.NET, Java, Python, Ruby, PHP, and Flash.

ACS supports the following protocols:

  • OAuth WRAP

  • OAuth 2.0

  • WS-Trust

  • WS-Federation

For more information, see Protocols Supported in ACS.

ACS supports the following security token formats:

  • JSON Web Token (JWT)

  • SAML 1.1

  • SAML 2.0

  • Simple Web Token (SWT)

For more information, see Token Formats Supported in ACS.

The URIs of specific endpoints can be obtained through the ACS Management Portal. These URIs are used for different tasks. For example:

  • The WS-Federation Metadata endpoint URI can be used when integrating web applications with ACS. WS-Federation metadata can be consumed by a WIF application (or other WS-Federation-compliant application) in order to share certificate information and automate configuration.

  • The ACS Management Service endpoint URI can be used when programmatically managing an Access Control namespace with the ACS Management Service. For more information, see ACS Management Service.

The ACS Management Portal is a web-based user interface that ACS administrators can use to manage the configuration settings of a specific Access Control namespace. For more information, see ACS Management Portal.

The ACS Management Service makes it possible for you to manage ACS programmatically, using the Open Data (OData) protocol. For more information, see ACS Management Service.

The ACS rule engine is used to process the input claims that are present in the security tokens that ACS receives from clients and to generate output claims that are present in the security tokens that ACS issues to relying party applications. For more information, see Rule Groups and Rules.
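The input-claim to output-claim step described above can be sketched as follows. This is an added example, not ACS code or part of the original topic: the `Claim` and `Rule` field names, the matching semantics and the sample issuers are assumptions chosen to show why a relying party should trust only claims that a rule scoped to a specific issuer has produced.

```python
from dataclasses import dataclass
from typing import Optional

# Simplified, hypothetical model of claim transformation. Field names and
# matching semantics are assumptions for illustration, not the ACS schema.

@dataclass(frozen=True)
class Claim:
    issuer: str   # identity provider that asserted the claim
    ctype: str
    value: str

@dataclass(frozen=True)
class Rule:
    in_issuer: str                   # rule applies only to this issuer
    in_type: Optional[str] = None    # None matches any input claim type
    in_value: Optional[str] = None   # None matches any input claim value
    out_type: Optional[str] = None   # None passes the input type through
    out_value: Optional[str] = None  # None passes the input value through

    def matches(self, c: Claim) -> bool:
        return (c.issuer == self.in_issuer
                and self.in_type in (None, c.ctype)
                and self.in_value in (None, c.value))

def apply_rules(rules, input_claims):
    """Return output claims as (type, value) pairs; unmatched input is dropped."""
    out = []
    for c in input_claims:
        for r in rules:
            if r.matches(c):
                pair = (r.out_type or c.ctype, r.out_value or c.value)
                if pair not in out:   # de-duplicate identical outputs
                    out.append(pair)
    return out

# Constructed sample data: issuers, claim types and values are made up.
RULES = [
    Rule("idp-a", in_type="email"),                      # pass-through
    Rule("idp-a", in_type="email", in_value="alice@example.com",
         out_type="role", out_value="admin"),            # fixed output claim
    Rule("idp-b", in_type="name"),
]
INPUT = [
    Claim("idp-a", "email", "alice@example.com"),
    Claim("idp-a", "role", "admin"),                # no rule for it: dropped
    Claim("idp-b", "email", "alice@example.com"),   # other issuer: no role
]

if __name__ == "__main__":
    for t, v in apply_rules(RULES, INPUT):
        print(t, "=", v)
```

In this model a `role` claim asserted directly by an identity provider never reaches the relying party, and the same email address from a different issuer does not earn the `admin` role.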
