Creating Rule in ACS using ACM
- Hi,
I have been using ACS portal to add rules into my scope. With the new CTP release, I am trying to use ACM.exe to add the rules now.
So can someone please tell me what the valid inclaimTypes are, how we specify a wildcard in inclaimvalue, and how we transform the inclaimvalue into the outclaimvalue?
I have already looked at http://msdn.microsoft.com/en-us/library/ee706706.aspx .
Thanks
Rahul
Answers
- Good question, Rahul. In the November CTP version of ACS, you can achieve this wildcard behavior using a pass-through rule. If you set the rule Type to PassThrough, then the input value is wildcarded and the output value is copied from the input value (which is why you don't pass an inclaimvalue or an outclaimvalue to ACM.exe).
The November CTP version provides ADFS v2 integration, but it does not yet support WS-*. Justin has a video on his blog that gives an overview of the integration process: http://channel9.msdn.com/posts/justinjsmith/Access-Control-Service-and-ADFS-v2-Integration/ .
- Marked As Answer by RahulSur, Sunday, November 08, 2009 12:08 PM
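The pass-through behavior described in the answer, as an added example that is not part of the original thread and is not ACS code: a small Python model of rule evaluation in which a pass-through rule matches on issuer and claim type only and copies the incoming value, while a simple rule matches an exact value. The class names, the `acs` output issuer and the sample claims are constructed for illustration; the 128-character limit on claim types is the one stated in the replies below.

```python
from dataclasses import dataclass
from typing import Optional

MAX_CLAIM_TYPE_LEN = 128  # claim-type limit stated in the thread

@dataclass(frozen=True)
class Claim:
    issuer: str
    type: str
    value: str

@dataclass(frozen=True)
class Rule:  # hypothetical model, not an ACS type
    in_issuer: str
    in_type: str
    out_type: str
    passthrough: bool = False
    in_value: Optional[str] = None   # must stay unset for pass-through
    out_value: Optional[str] = None  # must stay unset for pass-through

    def __post_init__(self):
        for t in (self.in_type, self.out_type):
            if not t or len(t) > MAX_CLAIM_TYPE_LEN:
                raise ValueError("claim type must be 1..128 characters")
        has_values = self.in_value is not None or self.out_value is not None
        if self.passthrough and has_values:
            raise ValueError("pass-through rules take no in/out value")
        if not self.passthrough and None in (self.in_value, self.out_value):
            raise ValueError("simple rules need both in and out values")

def apply_rules(rules, claims, out_issuer="acs"):
    """Return the output claims produced by every matching rule."""
    out = []
    for c in claims:
        for r in rules:
            if (c.issuer, c.type) != (r.in_issuer, r.in_type):
                continue  # issuer and type are the only gate for pass-through
            if r.passthrough:
                out.append(Claim(out_issuer, r.out_type, c.value))  # value copied
            elif c.value == r.in_value:
                out.append(Claim(out_issuer, r.out_type, r.out_value))
    return out

# Constructed sample data: two rules for issuer "adfs", three incoming claims.
RULES = [Rule("adfs", "upn", "user", passthrough=True),
         Rule("adfs", "group", "role", in_value="admins", out_value="admin")]
CLAIMS = [Claim("adfs", "upn", "alice@example.com"),
          Claim("adfs", "group", "admins"),
          Claim("other", "upn", "mallory@example.com")]  # issuer has no rule

if __name__ == "__main__":
    for claim in apply_rules(RULES, CLAIMS):
        print(claim)
```

Because a pass-through rule forwards whatever value the matched issuer asserts, the issuer and claim type in the rule are the whole trust decision for that claim.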
All Replies
- Hi Rahul,
All claim types are now strings with a maximum length of 128 characters.
When creating a PassThrough rule using ACM.exe, neither the inclaimvalue nor the outclaimvalue arguments should be specified. For example:
acm.exe create rule -name:rule -scopeid:<scopeid> -inclaimissuerid:<issuerid> -inclaimtype:<intype> -outclaimtype:<outtype> -service:%acservice% -mgmtkey:%acmgmtkey%
I'm not sure what you mean by "how do we transform the inclaimvalue to outclaimvalue?" Could you clarify?
Cyrus
- Edited by Cyrus Harvesf - MSFT, Friday, November 06, 2009 11:44 PM: Included example
- Hi Cyrus,
We were using ACS to perform user authentication based on a Geneva server hosted in a domain. In the previous version, while creating a rule using the ACS portal, we used to specify the input value as a wildcard char (*) and then mark the output value as the same as the input value. So I was trying to understand how we perform the same in the new release.
Is it true to say that the new release does not support WSFederation Authentication? Could you please guide me to any technical how-to which could explain how user authentication could be achieved using ACS and a Geneva server?
Thanks
Rahul
- Hi Cyrus,
Thanks for the link. I would try to implement the suggested sample.
Thanks,
Rahul


