December 27, 2011 Leave a comment
Accessing REST based services from Windows Phone 7 client devices include two approaches: Active Federation implementation means how the client application uses OAuth protocol and contacts all the issuers in the trust chain in turn to acquire a valid SWT token to access a online enterprise application where as in passive federation mode device ‘s embedded browser requests the identity provider list from Access Control Service(ACS 2.0) which in turn requests for token from trusted issuer & issuer sends back the SAML 2.0 token which is received by the device then it send a call to the enterprise REST service as Relying Party (RP) with Simple Web Token (SWT) Token.
- Comparison of the Federation Difference:
- The passive federation solution that leverages an embedded browser control offers a simpler approach to obtain an SWT token because the embedded web browser control in combination with the WS-Federation protocol handles most of the logic to visit the issuers and obtain the SWT token that the enterprise application needs.
- In the active federation solution, the Windows Phone Application must include code to control the interactions with the issuers explicitly. Also, the active solution must include code to handle the requests for SAML tokens from the Relying Party(Issuer).
- An advantage of passive federation approach is that it enables the Windows Phone Application to dynamically build the list of identity providers to your ACS configuration.
- You must explicitly add any SWT token caching behavior to the Windows Phone application for both the active or passive federation solutions.
- Download 9WindowsPhoneClientFederation from http://claimsid.codeplex.com to get Visual Studio development system solution for Claims identity based REST services for Windows Phone .