First chance for developers to try out Microsoft's new IdMaaS solution
Today Microsoft announced the Windows Azure Active Directory Developer Preview, a set of tools to enable developers to build cloud applications that integrate with the cloud identity service. This is the third post from the Azure team on Windows Azure AD, and the first one that has something you can actually kick the tires with. (The first post introduced the service, and the second described its capabilities in more detail.) In addition to the capabilities originally described in these posts, the Developer Preview has two new capabilities: the Graph API and Web SSO.
The Graph API (the programmatic interface to Windows Azure AD; see here for more information about it) has the following features:
- A REST interface which provides an API set to query Windows Azure AD data
- PowerShell cmdlets to provide an application read access to a Windows Azure AD instance
- OData support for easier integration with other Microsoft products
- .NET code walkthroughs that show how to use Graph with your application
Kim Cameron, Microsoft's identity architect, has also posted an entry in his Identity Blog in which he explains why Microsoft has developed a Graph API while at the same time the SCIM cloud user management specification is rapidly gaining acceptance. (Executive summary: Graph is already proven to work at massive scale with Facebook, Microsoft wants the broadest possible adoption and needs it now, and Kim believes they can peaceably coexist.)
The Web single sign-on component (a basic capability for any IdMaaS product) has the following features:
- STS metadata endpoints that tell your application how to communicate with Windows Azure AD's federation service
- WS-Fed support with SAML 2.0 tokens
- PowerShell cmdlets to configure a Windows Azure AD tenant to perform SSO with your application
- Code walkthroughs
Finally, there's a sample Expense app to show how it's all supposed to work.
Read the post to get detailed information on how to use this preview and what it can and cannot do. The team plans to release additional capabilities to the web over the coming months.
Follow Sean on Twitter at @shorinsean.