Dışarıya aktar (0) Yazdır
Tümünü Genişlet
EN
Bu içerik dilinizde bulunmamaktadır ancak İngilizce sürümüne buradan bakabilirsiniz.

How to: Add Service Identities with an X.509 Certificate, Password, or Symmetric Key

Published: April 7, 2011

Updated: November 24, 2014

Applies To: Azure

  • Microsoft Azure Active Directory Access Control (also known as Access Control Service or ACS)

Service Identities are a type of credential configured globally for the Access Control namespace that allows applications or users to authenticate directly with ACS and receive a token. Service identities are used most commonly in REST web service scenarios using the OAuth WRAP protocol, where a client requests a SWT directly token from ACS to present to the web service.

  • Objectives

  • Overview

  • Step 1 - Add a Service Identity with a Password

  • Step 2 - Add a Service Identity with a Symmetric Key

  • Step 3 - Add a Service Identity with an X.509 Certificate

  • Related Items

  • Enumerate types of service identity credentials.

  • Map credentials types to token formats and protocols.

There are three types of service identity credentials:

  • Passwords—Passwords are used in plaintext token requests to Access Control Service using the OAuth WRAP protocol. The password field corresponds to the wrap_password parameter in an OAuth WRAP v0.9 token request, where the username field corresponds to the wrap_name parameter.

  • Symmetric Keys—Symmetric keys are used in signed SWT token requests to Access Control Service using the OAuth WRAP protocol. This symmetric key is used to create the HMACSHA256 signature in the signed SWT token presented to Access Control Service.

  • X.509 Certificates—X.509 certificates (public key only) are used to validate the signature of signed SAML token requests made ACS using the WS-Trust protocol.

  • Step 1 - Add a Service Identity with a Password

  • Step 2 - Add a Service Identity with a Symmetric Key

  • Step 3 - Add a Service Identity with an X.509 Certificate

  1. On the Access Control Service management portal, click Service Identities.

  2. Click Add Service Identity.

  3. In the Name field, enter a name for the service identity. This will be the username value used in the token request.

  4. Click Save.

  5. On the next page, click Add Credential.

  6. In the Display name field, provide a value.

  7. In the Type field, select Password.

  8. In the Password field, enter a password.

  9. In the Effective date field, set the date at which this credential will take effect.

  10. In the Expiration date field set the date at which this credential will expire.

  11. Click Save.

  1. On the Access Control Service management portal main page, click Service Identities.

  2. Click Add Service Identity.

  3. In the Name field, enter a name for the service identity.

  4. Click Save

  5. On the next page, click Add Credential.

  6. In the Display name field, provide a value.

  7. In the Type field, select Symmetric Key.

  8. In the Key field, click Generate to automatically generate a random 256-bit symmetric key. Or, enter your own 256-bit symmetric key.

  9. In the Effective date field, set the date at which this credential will take effect.

  10. In the Expiration date field, set the date at which this credential will expire.

  11. Click Save.

  1. On the Access Control Service management portal main page, click Service Identities.

  2. Click Add Service Identity.

  3. In the Display name field, enter a name for the service identity.

  4. Click Save.

  5. On the next page, click Add Credential.

  6. In the Name field, provide a value.

  7. In the Type field, select X.509 Certificate.

  8. In the Certificate field, browse to load an X.509 certificate (.cer file) that contains the public key required to valid token signatures.

  9. Click Save.

See Also

Concepts

ACS How To's

Topluluk İçeriği

Ekle
Show:
© 2014 Microsoft