Authenticating Windows Azure Pack Management Portals and Service Management API


Applies To: Windows Azure Pack

Authenticating to the Windows Azure Pack Admin and Tenant Portals

Browser-based Authentication XE "Browser-based Authentication" in Windows Azure Pack is based on WS-Federation Passive Requestor Profile, which describes the communication flow between the browser and web applications. It relies on browser redirects, HTTP GET, and POST to request and pass around tokens. In a default Windows Azure Pack installation, the trust between the management portals and the authentication sites are set up so that when the user tries to access the management portal for administrators or the management portal for tenants, he or she is redirected to the appropriate authentication site where the credentials are validated and a token is sent back. This behavior is similar to when other STS’s are federated with Windows Azure Pack. The following diagram demonstrates a typical login flow to Windows Azure Pack.

Windows Azure PAck Login Workflow

Authenticating to the Windows Azure Pack Service Management API

Windows Azure Pack also facilities direct interaction with the Service Management layer API. When making API calls, you will need to present a security token from a trusted STS. The protocols you follow to get these tokens depend on the trust chain topology that is part of your Windows Azure Pack installation. Once you obtain the Security token, you will have to pass it as a Bearer token in the header of the request.

If the client application does not have a browser based interface, the users need to be active and know about every STS in the trust chain and about the final IdP. The user is expected to reach to the end IdP, authenticate themselves and then explicitly go through every STS in the chain (in the right order) and exchange the token. It gets more complicated if a given STS or IdP in the chain supports a different protocol or a different security token type. The user is expected to be familiar with the entire trust chain topology and approach every STS or IdP using the required protocol.


The Windows Azure Pack Developer Kit sample SampleAuthApplication demonstrates how to perform authentication to the Admin and Tenant Service Management REST API endpoints.

See Also

Windows Azure Pack Authentication