I’m trying to write a java code to authenticate the graph API by the Azure Access Control Service (ACS) using OAuth 2.0.
Based on what I’ve read, They are four steps to this
- Generate an assertion which includes the Service Principal’s X.509 Certificate (alternatively, a symmetric key can also be used).
- Present the assertion to the Azure ACS Security Token Service (STS).
- ACS accepts the assertion and authenticates the Service Principal, returning a minted OAuth access token (i.e. JWT token).
- Subsequent API call submissions include the access token.
Can anyone tell me, where do I begin this from? For example, where can I find the java api, how do I generate a symmetric key or an assertion with X.509 cert. I want to create an java app which will create users in the office 365 and authenticating is the initial step. Thanks for the help
I think you would need to start from here:
How to Authenticate Web Users with Windows Azure Access Control Service Using Eclipse – This example uses Windows Live ID for the identity provider, a similar technique could be used for other identity providers as applicable.
Once you have your Java based code is authenticating users successfully you can go ahead and implement further to connect with other providers.