Reputation: 1606
The project I'm working on is a set of web services that fetches data from a local database. The client wants to restrict access to only authorised users by validating their credentials against an Azure Active Directory.
I've taken a look at http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-get-started-users/ and a few other articles on how best to proceed with this but I can't seem to find a reliable way to do this.
I've tried to use cURL with the following XML:
<?xml version="1.0" encoding="utf-8"?>
<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <s:Header>
    <a:Action s:mustUnderstand="1">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</a:Action>
    <a:To s:mustUnderstand="1">https://login.windows.net/[]/saml2</a:To>
    <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
      <o:UsernameToken>
        <o:Username>USERNAME</o:Username>
        <o:Password>PASS</o:Password>
      </o:UsernameToken>
    </o:Security>
  </s:Header>
  <s:Body>
    <trust:RequestSecurityToken xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
      <wsp:AppliesTo xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
        <a:EndpointReference>
          <a:Address>https://login.windows.net/[]/saml2</a:Address>
        </a:EndpointReference>
      </wsp:AppliesTo>
      <trust:KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
      <trust:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</trust:RequestType>
      <trust:TokenType>urn:oasis:names:tc:SAML:2.0:assertion</trust:TokenType>
    </trust:RequestSecurityToken>
  </s:Body>
</s:Envelope>
and the cURL command:
curl https://login.windows.net/[]/saml2 --data @tmp.xml -H "Content-Type:application/soap+xml" -v
I keep getting "Not a valid saml2 request". Is there a way to do this via cURL? What would be the best way to do this authentication without having to redirect the user to a login page?
Upvotes: 1
Views: 230
Reputation: 1606
For anyone else having this problem (and being completely new to SAML2), please check out SimpleSAMLphp. I had my service running in a few minutes.
Note: This requires the application to be authorised as a service provider with Azure. And if you have any issues with your registered application not being in Test Authentication sources, make sure your metadata key name is correct.
Upvotes: 1
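Added example, not part of the question or the answer above and not SimpleSAMLphp's own code: the `/saml2` endpoint in the question is Azure AD's SAML-P sign-on endpoint, so the message it expects is a SAML 2.0 AuthnRequest on the HTTP-Redirect binding, which is what a service provider such as SimpleSAMLphp sends on the user's behalf; the WS-Trust RequestSecurityToken envelope posted in the question is a different protocol, hence "Not a valid saml2 request". The Python below (standard library only) builds that AuthnRequest, applies the binding's raw-DEFLATE plus base64 encoding, produces the redirect URL, and decodes such a URL back to the fields a verifier would check. The tenant ID, SP entity ID and assertion consumer service URL are made-up placeholders (assumptions); in a real deployment the Issuer and ACS URL must match what was registered for the service provider in Azure AD, as the answer notes.

```python
"""Build and decode a SAML 2.0 AuthnRequest for the HTTP-Redirect binding.

Added example; not code from the original post. The tenant GUID, SP entity
ID and ACS URL are placeholder assumptions, not a real registration.
"""
import base64
import datetime
import secrets
import urllib.parse
import xml.etree.ElementTree as ET
import zlib

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Assumed values: replace with your tenant and the identifier / reply URL
# registered for the service provider in Azure AD.
TENANT_ID = "00000000-0000-0000-0000-000000000000"          # placeholder tenant
IDP_SSO_URL = f"https://login.windows.net/{TENANT_ID}/saml2"  # Azure AD SAML-P endpoint
SP_ENTITY_ID = "https://sp.example.com/metadata"            # must match registered identifier
SP_ACS_URL = "https://sp.example.com/saml/acs"              # must match registered reply URL


def build_authn_request(request_id=None, issue_instant=None):
    """Return (request_id, xml_text) for a minimal, unsigned SAML-P AuthnRequest."""
    # SAML IDs are xs:ID values, so they must not start with a digit.
    request_id = request_id or "_" + secrets.token_hex(16)
    issue_instant = issue_instant or datetime.datetime.now(
        datetime.timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ")
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAMLP}}}AuthnRequest", {
        "ID": request_id,
        "Version": "2.0",
        "IssueInstant": issue_instant,
        "Destination": IDP_SSO_URL,
        "AssertionConsumerServiceURL": SP_ACS_URL,
        "ProtocolBinding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
    })
    ET.SubElement(root, f"{{{SAML}}}Issuer").text = SP_ENTITY_ID
    ET.SubElement(root, f"{{{SAMLP}}}NameIDPolicy", {
        "Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "AllowCreate": "true",
    })
    return request_id, ET.tostring(root, encoding="unicode")


def deflate_b64(xml_text):
    """Raw DEFLATE (no zlib header, wbits=-15) then base64: the HTTP-Redirect encoding."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    raw = comp.compress(xml_text.encode("utf-8")) + comp.flush()
    return base64.b64encode(raw).decode("ascii")


def inflate_b64(value):
    """Inverse of deflate_b64: base64-decode, then raw-inflate back to XML text."""
    return zlib.decompress(base64.b64decode(value), -15).decode("utf-8")


def redirect_url(xml_text, relay_state=None):
    """Build the GET URL the user's browser is sent to (SAMLRequest, optional RelayState)."""
    params = {"SAMLRequest": deflate_b64(xml_text)}
    if relay_state is not None:
        params["RelayState"] = relay_state
    return IDP_SSO_URL + "?" + urllib.parse.urlencode(params)


def parse_redirect_url(url):
    """Decode a redirect URL and return the fields an IdP checks before responding.

    Raises ValueError when the payload is not an AuthnRequest, e.g. when someone
    sends a SOAP/WS-Trust envelope to the SAML-P endpoint.
    """
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    root = ET.fromstring(inflate_b64(query["SAMLRequest"][0]))
    if root.tag != f"{{{SAMLP}}}AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return {
        "id": root.get("ID"),
        "issuer": root.findtext(f"{{{SAML}}}Issuer"),
        "destination": root.get("Destination"),
        "acs": root.get("AssertionConsumerServiceURL"),
        "relay_state": query.get("RelayState", [None])[0],
    }


if __name__ == "__main__":
    rid, xml_text = build_authn_request()
    url = redirect_url(xml_text, relay_state="/after-login")
    print(url)
    print(parse_redirect_url(url))
```

The URL this produces is where a browser would be redirected; fetching it with cURL returns Azure AD's sign-in page rather than a token, because the SAML front-channel bindings assume a user agent that completes the login and posts the response back to the ACS URL. That is the redirect the question hoped to avoid, and it is inherent to this endpoint; the SOAP envelope with a UsernameToken is simply not what `/saml2` parses. The request is left unsigned here to keep key handling out of the example.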