Confused with the WP Enrollment Process

  • Question

  • Hi team,

    I'm studying the WP MDM documents from http://technet.microsoft.com/en-us/library/dn499787.aspx and have run into some questions that I really need your help with.

    I can currently get the Discovery response from the service, and I set the <AuthPolicy> to Federated and the <AuthenticationServiceUrl> to a https://xxxxxx page (let me call it login.aspx) with the appru & login_hint parameters. My questions are:

    1) Should I verify the user/password in login.aspx and then redirect to a redirect page (let me call it redirect.aspx) with a POST method action of appid and the token value (wresult) after the username/password verification succeeds?

    2) The document said of wresult: "The security token value is the base64-encoded string "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd#base64binary" contained in the <wsse:BinarySecurityToken> EncodingType attribute". How can I get the <wsse:BinarySecurityToken> EncodingType attribute in Login.aspx (if I'm correct in Q1)? Or should I maybe encode "any token string generated from my server to identify this user" and put it into wresult, so that this encoded string is used automatically in the MS-XCEP/MS-WSTEP requests after that?

    3) Will the WP devices trigger the MS-XCEP GetPolicies request and the MS-WSTEP RequestSecurityToken request in redirect.aspx's POST action?

    Great thanks for your patience and help!

    BR/Kenn


    • Edited by Kenn Zhang Tuesday, January 20, 2015 4:08 PM Added more detail in Q2.
    Tuesday, January 20, 2015 12:23 PM

All replies

  • Well... still no one has commented here. I have already made some progress, and I'd like to share my understanding here for anyone who may also be a newbie in this area.

    Q1 & Q2: Yes, actually there is a step in the Windows 8 MDM document that mentions it. It calls this step the "Security Token Service" step. I guess you can verify your client based on username/password or whatever you want in this STS step and return a token to the mobile/tablet device.

    Q3: Yes, the MDM client on the mobile/tablet device will trigger the MS-XCEP GetPolicies request and the MS-WSTEP RequestSecurityToken request in the Web Auth Page (redirect.aspx) POST action.

    So, we should have two Token services in the MDM solution in general.

    1. Security Token Service: used to verify your user and return a security token.

    2. The MS-WSTEP security token service: which is mentioned in the WP MDM document and will be used in the enrollment step.

    BR/Kenn

    • Marked as answer by Kenn Zhang Tuesday, January 27, 2015 4:12 AM
    • Unmarked as answer by Kenn Zhang Tuesday, January 27, 2015 4:12 AM
    • Edited by Kenn Zhang Tuesday, January 27, 2015 5:21 AM Text format
    Tuesday, January 27, 2015 4:05 AM
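
The two token steps discussed in this thread, as an added example that is not code from the original posts or from Microsoft's documentation: the STS step mints a base64-encoded token for `wresult`, and the enrollment service later validates the same value when it arrives in `<wsse:BinarySecurityToken>`. The HMAC-signed JSON token format, the function names, the key, and the choice to post the form to the URL received as `appru` are assumptions made for illustration.

```python
import base64, binascii, hashlib, hmac, html, json, time

# Constructed key for the demo; a real STS loads its secret from protected storage.
STS_KEY = b"constructed-demo-key-not-for-production"

def issue_token(user, key=STS_KEY, ttl=300, now=None):
    """STS step: after login.aspx verifies the user, mint a short-lived signed token."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": user, "exp": now + ttl}, sort_keys=True).encode()
    mac = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    # The whole opaque value is base64-encoded before it is placed in wresult.
    return base64.b64encode(payload + b"." + mac).decode()

def build_post_form(appru, wresult):
    """HTML form that posts wresult back (assumption: to the URL received as appru)."""
    # Escape both values: appru arrives in the query string and is attacker-influenced.
    return (
        '<form method="post" action="%s">'
        '<input type="hidden" name="wresult" value="%s"/>'
        "</form>" % (html.escape(appru, quote=True), html.escape(wresult, quote=True))
    )

def validate_token(wresult, key=STS_KEY, now=None):
    """Enrollment step: check the token carried in <wsse:BinarySecurityToken>."""
    now = int(time.time()) if now is None else now
    try:
        raw = base64.b64decode(wresult, validate=True)
    except (binascii.Error, ValueError):
        return None                       # not valid base64
    payload, sep, mac = raw.rpartition(b".")
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest().encode()
    if not sep or not hmac.compare_digest(mac, expected):
        return None                       # forged or modified token
    claims = json.loads(payload)          # parsed only after the MAC checks out
    if claims["exp"] < now:
        return None                       # expired: enrollment must re-authenticate
    return claims["sub"]
```

Because the device only relays the token, the enrollment endpoint has to treat it as untrusted input and reject anything that fails the signature or expiry check before issuing a certificate.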