Provisioning IssueTracker Enterprise:

Highlights:

  • There’s no direct interaction with the Access Control Service (ACS). IssueTracker uses the ACS API to create the scopes, rules and the issuer (Contoso).
  • The provisioning form captures all the information required to set up the trust relationship between the Access Control Service and the tenant (certificate, etc.)

Tenant (Contoso_Enterprise) uses IssueTracker Enterprise from a Smart Client (Active Profile):

Highlights:

  • Tenant STS is configured:
    • Tenant name: this must be the same as the name used in the provisioning form.
    • Signing certificate thumbprint: this is used internally to retrieve the certificate from the store. The thumbprint can be obtained from the certificate properties.
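
A thumbprint-based lookup of the kind described above, as an added example (not code from IssueTracker). The function name and the `Cert:\LocalMachine\My` store path are assumptions; the page does not say which store the sample reads.

```powershell
# Added example: resolve a signing certificate from a configured thumbprint.
# Resolve-SigningCertificate is a hypothetical helper, not part of IssueTracker.
function Resolve-SigningCertificate {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $StorePath = 'Cert:\LocalMachine\My'   # assumed store location
    )

    # Text copied from the certificate properties dialog often carries spaces
    # and an invisible left-to-right mark (U+200E); keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected a 40-hex-digit SHA-1 thumbprint, got $($clean.Length) digits."
    }

    # Exactly one certificate should match; anything else is a configuration error.
    $found = @(Get-ChildItem -Path $StorePath |
               Where-Object { $_.Thumbprint -eq $clean })
    if ($found.Count -ne 1) {
        throw "Found $($found.Count) certificates with thumbprint $clean in $StorePath."
    }
    $cert = $found[0]

    # A signing certificate is useless to the STS without its private key.
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $clean has no private key in $StorePath; it cannot sign tokens."
    }

    # Reject certificates outside their validity window before tokens get signed with them.
    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate $clean is not valid now (valid $($cert.NotBefore) to $($cert.NotAfter))."
    }

    return $cert
}

# Usage (placeholder value; paste the thumbprint from the certificate properties):
# Resolve-SigningCertificate -Thumbprint '<thumbprint from certificate properties>'
```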

Tenant Manages IssueTracker Enterprise from PowerShell scripts:

Highlights:

  • PowerShell cmdlets are registered
  • The management user disables the application (passing a parameter that states the reason)
  • The business user attempts to use the system and gets an error message (with the above reason)
  • The management user re-enables the application

Tenant changes STS configuration issuing different Claims:

Highlights:

  • The tenant changes one of the output claims to “Program Manager”. In the real implementation this could be a user moving from one group in Active Directory to another
  • The system rejects access because the claim is not recognized as input to any rule in ACS