Provisioning IssueTracker Enterprise:

Highlights:

• There’s no direct interaction with Access Control Service. IssueTracker uses ACS API to create the scopes, rules and the issuer (Contoso).
• The provisioning form captures all the required information to setup the trust relationship between Access Controls Service and the tenant (certificate, etc)

Tenant (Contoso_Enterprise) uses IssueTracker Enterprise from a Smart Client (Active Profile):

Highlights:

• Tenant STS is configured:
  • Tenant name that must be the same as the name used in the provisioning form.
  • Signing certificate thumbprint: this is used internally to retrieve the certificate form the store. Thumbprint can be obtained from the certificate properties.

Tenant Manages IssueTracker Enterprise from PowerShell scripts:

Highlights:

• PowerShell CmdLets are registered
• Management User disables the application (passing a parameter to define reason)
• Business User attempts to use the system, gets an error message (with the above reason)
• Management user enables application back

Tenant changes STS configuration issuing different Claims:

Highlights:

• Tenant changes one of the output claims to “Program Manager”. In the real implementation this could be a user moving from group in Active Directory to another
• System rejects access as the claim is not recognized as input to any rule in ACS