Single Sign-On with Secure Authentication

Play Single Sign-On with Secure Authentication

The Discussion

  • User profile image

    Is this session video going to be made available?

  • User profile image

    Thanks. Better late than never :)

  • User profile image

    I was watching this session and have a few questions. Mostly regarding to security concerns in using the broker. Also please note the link to download SDK sample in the slides is no longer working.

    1. How is the WebAccountProvider is secured so a rogue application can't register for my account provider. Or at very least can client apps specify they want the broker hosted only by a specific AppPackageFamilyName?
    2. Can client applications discover the AppPackageFamily name of application hosting the provider?
    3. Is the ClientId property in WebTokenRequest same as client's AppPackageFamilyName? Would like to validate the app has access to broker.
    4. Does user deleting account also delete provider, or only account information? Want to confirm that as long as app hosting the provider is installed that provider will remain registered.

    Thank You.

Add Your 2 Cents