
SharePoint 2013 - SharePoint Hosted Apps + Windows AZURE ACS

Hey Guys,

I wanted to get experts' comments or suggestions on one of my scenarios.

My current POC involves:

1. Integrating SharePoint 2013 with Azure ACS and using Google/Live as an Identity Provider, which I've done.

2. Investigating any gotchas while working with SharePoint Apps.

So SharePoint has its own STS, which takes care of providing a proper SAML token to the requesting client once authenticated (with AD, the default way).

In SharePoint 2013, the way we have it configured is: I have a SharePoint Web Application at http://www.blahblah.com, and the SharePoint Apps Web Application domain is http://companyapps.com. Both web applications use Claims authentication, and I've configured a Trusted Identity Provider with ACS for both web applications.

So when we create and install apps in SharePoint, they basically get created as a Web with http://www.blahblah.com, but the URL of the app looks something like http://app-<guid>.apps.companyapps.com. This is a configuration that all the apps will follow irrespective of where they get created (I mean in any SharePoint Web Application). Note that the <guid> changes for every app that gets installed in SharePoint.

So when I configured the relying party in the ACS portal: as far as I understood, a relying party is information about the Web Application under discussion, hence in my case it's both of the SharePoint Web Applications. What I want is that when a user enters http://www.blahblah.com, he is authenticated against the respective identity provider configured in ACS, and afterwards, when the user tries to access the SharePoint App URL, which is like http://app-<guid>.apps.companyapps.com, from within the host Web Application http://www.blahblah.com, he should get automatically authenticated based on his previous authentication token and get redirected to the App URL.

So the way I've configured it right in ACS: I created two relying parties, each with its own return URL: http://www.blahblah.com/_trust/default.aspx, and for the app relying party I've used http://app-<guid>.apps.companyapps.com/someapp/_trust. The same configuration is done for the SharePoint STS with the URL and realm. Now the problem is that every app will have its own unique URL, and it's not a viable solution to add an App URL to the relying party every time and configure the same in the SharePoint STS. So if you guys can help me set up some generic way which can handle any app URL and use the same SAML token used for the http://www.blahblah.com site for App Sites, basically a kind of SSO, but I'm not getting how to do that.

Hope I was able to draft my query properly.


Thanks
Akhilesh Nirapure

