1 min read

Ptr: Azure Pack UserVoice Feedback

Ptr: http://feedback.azure.com/forums/255259-azure-pack Looks like Microsoft just launched a public UserVoice site for Azure Pack! You can submit or vote for your most wanted features for upcoming releases. Cool! Like all feedback sites not all features or requests can be met, but it’s still a great way for customers to tell Microsoft where they should focus…

1 min read

Ptr: Authentication Scenarios in Azure AD

Came across a great article on MSDN recently that outlines the various authentication scenarios in Azure AD. Azure Active Directory (Azure AD) simplifies authentication for developers by providing identity as a service, with support for industry-standard protocols such as OAuth 2.0 and OpenID Connect, as well as open source libraries for different platforms to help…

14 min read

Windows Azure Pack Tenant Public API Authentication Options

Web services, as we’ve learned throughout this series, are integral to the workings of Windows Azure Pack. Every UI exposed to the user connects to the backend via web service, every resource provider is managed by Windows Azure Pack through their own web services, and 3rd party functionality can be tied in through web services….

2 min read

Windows Azure Pack at TechEd 2014

It looks like Windows Azure Pack is starting to become my new favorite thing — so much so that I was excited to see that there were a number of presentations on it at TechEd this year. What makes this even better is that the presentations were recorded and you can stream them from Channel…

13 min read

Web Service Authentication in Windows Azure Pack

It’s been a couple months since we last looked at Windows Azure Pack so before we jump into the thick of it lets recap. Windows Azure Pack is an awesome on-premise private cloud platform The interactive portions are broken down into two sections: admin areas and tenant areas It relies on JWTs as bearer tokens…

2 min read

Covert Redirect in OAuth 2.0 and OpenID — or yeah, and?

Earlier today a news story broke claiming the sky is falling because OAuth 2.0 and OpenID are vulnerable to “Covert Redirect” attacks — or as the rest of the world calls them — open redirects. This class of vulnerability has been around for quite a while and frankly is already mentioned in the threat model for…

2 min read

Windows Azure Pack Authentication Part 3.5 – Using ADFS

Since we looked at using a custom IdP for Windows Azure Pack last time I figured it would be good to explicitly list some resources for those looking to use ADFS instead as that’s a fairly common scenario people are exploring. Building Clouds Federated Identities to Windows Azure Pack through AD FS – Part 1…