Was this page helpful?
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

5.1 Security Considerations for Implementers

This protocol requires HTTPS. Not providing SSL will seriously affect the functionality of this protocol. The server will not answer Autodiscover queries unless the Autodiscover client has first authenticated with the Autodiscover server.

The GetFederationInformation operation has to be anonymous. The intent of the GetFederationInformation operation is to provide information to other organizations with the STS in common and instruct them as to how to request security tokens to authenticate against other services. Therefore, the caller needs to have access to the federation information without the need to authenticate first.

© 2015 Microsoft