Exam 70-486 topic 1 question 48 discussion

DRAG DROP -
You are developing an ASP.NET MVC application that allows users to log on by using a third-party authenticator.
You need to configure Microsoft Azure Access Control Services and the application.
Which five actions should you perform in sequence? (To answer, move the appropriate actions from the list of actions to the answer area and arrange them in the correct order.)
Select and Place:

Suggested Answer:
Box 1: Create a service namespace
The first step is to create an ACS Namespace. This is your Security Token Services (STS) that will generate Signed Identity tokens to be consumed by WAP. This will also be the only STS that WAP will trust.
Box 2: Register the application as a relaying partner.
Now that the Namespace is created, you will have to tell it about the WAP Portals that is expecting tokens from it. We add the WAP Tenant Portal as a Relying
Party to ACS (Access Control Services).
Box 3: Add a Security Token Service (STS) reference in Visual Studio 2012.
Now that the Namespace is created, you will have to tell it about the WAP Portals that is expecting tokens from it.
1. Click on Relying Party Applications and click on Add to add the Windows Azure Pack tenant Portal as a Relying Party to this namespace. This essentially tells the ACS namespace that the Tenant Portal is expecting it to provide user identities.
2. You will now go to the Add Relying Party Application page where you can enter details about the WAP tenant Portal.
3. The easier option is to provide the federation Metadata from the tenant portal. Save the XML file locally on your computer
4. Now back in the ACS management portal, Upload the federation metadata file and provide a Display Name for the Relying Party.
5. Scroll Down to the Token Format section and choose the token format to be 'JWT'. By Default, the Windows Live Identity Provider will be selected. Deselect it if you do not want to allow users to sign in using their Live id. Under the Token Signing Settings section, select X.509 Certificate as the Type. Click on Save.
Box 4: Add the third-party as the identity provider.
We have our ACS and WAP portals setup. We now have to find a source of Identities that can be flown in to the WAP Portals through ACS. We configure external services to act as Identity Providers
Box 5: Generate provider rules for claims
We now have our Relying Party and our Identity Providers set up. We should now tell ACS how to transform the incoming Claims from these Identity providers so that the Relying Party can understand it. We do that using Rule Groups which are a set of rules that govern Claim Transformation. Since, we have two identity
Providers, we will have to create a rule for each of these.
References:
https://blogs.technet.microsoft.com/privatecloud/2014/01/17/setting-up-windows-azure-active-directory-acs-to-provide-identities-to-windows-azure- pack/