Yes, that's correct. The DOTNET_BS calls the service using the token it got from the Active STS. The service not only validates the token, but it also gets the User profile id from the token claims (or assertions). The rest of the business logic wasn't changed.
Is the WSAS_BS endpoint expecting a SAML token?

Thanks
Pablo.

-----Original Message-----
From: Chintana Wilamuna [mailto:[email protected]]
Sent: Wednesday, October 14, 2009 10:09 AM
To: [email protected]
Subject: Re: .Net new passive STS impl.

On Wed, Oct 14, 2009 at 6:26 PM, Pablo Cibraro <[email protected]> wrote:
> There is a problem there, the DOTNET_BS endpoint has been changed to support
> claim based security (it expects a SAML token with the user claims).
> Therefore, the DOTNET_CLIENT client is negotiating a SAML token before
> calling that service. I don't think the WSAS_BS endpoint is expecting that.

Pablo,

Isn't it supposed to be, you call the service giving the SAML token you got from the STS so the service will try to validate the token and then goes into the normal business logic?

Bye,
-Chintana

--
http://engwar.com/
