[MS-OFBA]: Office Forms Based Authentication Protocol


Intellectual Property Rights Notice for Open Specifications Documentation

Technical Documentation. Microsoft publishes Open Specifications documentation (“this documentation”) for protocols, file formats, data portability, computer languages, and standards support. Additionally, overview documents cover inter-protocol relationships and interactions.

Copyrights. This documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you can make copies of it in order to develop implementations of the technologies that are described in this documentation and can distribute portions of it in your implementations that use these technologies or in your documentation as necessary to properly document the implementation. You can also distribute in your implementation, with or without modification, any schemas, IDLs, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the Open Specifications documentation.

No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.

Patents. Microsoft has patents that might cover your implementations of the technologies described in the Open Specifications documentation. Neither this notice nor Microsoft's delivery of this documentation grants any licenses under those patents or any other Microsoft patents. However, a given Open Specifications document might be covered by the Microsoft Open Specifications Promise or the Microsoft Community Promise. If you would prefer a written license, or if the technologies described in this documentation are not covered by the Open Specifications Promise or Community Promise, as applicable, patent licenses are available by contacting iplg@microsoft.com.

License Programs. To see all of the protocols in scope under a specific license program and the associated patents, visit the Patent Map.

Trademarks. The names of companies and products contained in this documentation might be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights. For a list of Microsoft trademarks, visit www.microsoft.com/trademarks.

Fictitious Names. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events that are depicted in this documentation are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred.

Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than as specifically described above, whether by implication, estoppel, or otherwise.

Tools. The Open Specifications documentation does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments, you are free to take advantage of them. Certain Open Specifications documents are intended for use in conjunction with publicly available standards specifications and network programming art and, as such, assume that the reader either is familiar with the aforementioned material or has immediate access to it.

Support. For questions and support, please contact dochelp@microsoft.com.

[MS-OFBA] - v20180828 Office Forms Based Authentication Protocol Copyright 2018 Microsoft Corporation Release: August 28, 2018

Date | Revision History | Revision Class | Comments
6/2008 | 0.1 | New | Initial Availability
10/6/2008 | 0.2 | Editorial | Revised and edited the technical content
1/16/2009 | 1.0 | Major | Revised and edited the technical content
7/13/2009 | 1.01 | Major | Changes made for template compliance
8/28/2009 | 1.02 | Editorial | Revised and edited the technical content
11/6/2009 | 1.03 | Editorial | Revised and edited the technical content
2/19/2010 | 2.0 | Editorial | Revised and edited the technical content
3/31/2010 | 2.01 | Editorial | Revised and edited the technical content
4/30/2010 | 2.02 | Editorial | Revised and edited the technical content
6/7/2010 | 2.03 | Editorial | Revised and edited the technical content
6/29/2010 | 2.04 | Minor | Clarified the meaning of the technical content.
7/23/2010 | 2.04 | None | No changes to the meaning, language, or formatting of the technical content.
9/27/2010 | 2.04 | None | No changes to the meaning, language, or formatting of the technical content.
11/15/2010 | 2.04 | None | No changes to the meaning, language, or formatting of the technical content.
12/17/2010 | 2.04 | None | No changes to the meaning, language, or formatting of the technical content.
3/18/2011 | 2.04 | None | No changes to the meaning, language, or formatting of the technical content.
6/10/2011 | 2.04 | None | No changes to the meaning, language, or formatting of the technical content.
1/20/2012 | 2.5 | Minor | Clarified the meaning of the technical content.
4/11/2012 | 2.5 | None | No changes to the meaning, language, or formatting of the technical content.
7/16/2012 | 2.6 | Minor | Clarified the meaning of the technical content.
9/12/2012 | 2.6 | None | No changes to the meaning, language, or formatting of the technical content.
10/8/2012 | 2.6 | None | No changes to the meaning, language, or formatting of the technical content.
2/11/2013 | 2.6 | None | No changes to the meaning, language, or formatting of the technical content.
7/30/2013 | 2.6 | None | No changes to the meaning, language, or formatting of the technical content.
11/18/2013 | 2.7 | Minor | Clarified the meaning of the technical content.
2/10/2014 | 2.7 | None | No changes to the meaning, language, or formatting of the technical content.
4/30/2014 | 2.7 | None | No changes to the meaning, language, or formatting of the technical content.
7/31/2014 | 2.7 | None | No changes to the meaning, language, or formatting of the technical content.
10/30/2014 | 2.7 | None | No changes to the meaning, language, or formatting of the technical content.
3/16/2015 | 3.0 | Major | Significantly changed the technical content.
6/30/2015 | 4.0 | Major | Significantly changed the technical content.
9/4/2015 | 5.0 | Major | Significantly changed the technical content.
4/14/2016 | 6.0 | Major | Significantly changed the technical content.
7/15/2016 | 6.0 | None | No changes to the meaning, language, or formatting of the technical content.
9/14/2016 | 6.0 | None | No changes to the meaning, language, or formatting of the technical content.
8/28/2018 | 7.0 | Major | Significantly changed the technical content.

Table of Contents

1 Introduction
  1.1 Glossary
  1.2 References
    1.2.1 Normative References
    1.2.2 Informative References
  1.3 Overview
  1.4 Relationship to Other Protocols
  1.5 Prerequisites/Preconditions
  1.6 Applicability Statement
  1.7 Versioning and Capability Negotiation
  1.8 Vendor-Extensible Fields
  1.9 Standards Assignments
2 Messages
  2.1 Transport
  2.2 Message Syntax
    2.2.1 Protocol Discovery Requests
    2.2.2 Forms Based Authentication Required Response Header
    2.2.3 HTML Request
3 Protocol Details
  3.1 Common Details
    3.1.1 Abstract Data Model
    3.1.2 Timers
    3.1.3 Initialization
    3.1.4 Higher-Layer Triggered Events
    3.1.5 Message Processing Events and Sequencing Rules
    3.1.6 Timer Events
    3.1.7 Other Local Events
  3.2 Client Details
    3.2.1 Abstract Data Model
    3.2.2 Timers
    3.2.3 Initialization
    3.2.4 Higher-Layer Triggered Events
    3.2.5 Message Processing Events and Sequencing Rules
    3.2.6 Timer Events
    3.2.7 Other Local Events
  3.3 Server Details
    3.3.1 Abstract Data Model
    3.3.2 Timers
    3.3.3 Initialization
    3.3.4 Higher-Layer Triggered Events
    3.3.5 Message Processing Events and Sequencing Rules
    3.3.6 Timer Events
    3.3.7 Other Local Events
4 Protocol Examples
5 Security
  5.1 Security Considerations for Implementers
  5.2 Index of Security Parameters
6 Appendix A: Product Behavior
7 Change Tracking
8 Index


1 Introduction

The Office Forms Based Authentication Protocol provides protocol clients and servers with HTTP forms-based authentication when other authentication mechanisms (as described in [RFC4559] and [RFC2617]) are not available.

Sections 1.5, 1.8, 1.9, 2, and 3 of this specification are normative. All other sections and examples in this specification are informative.

1.1 Glossary

This document uses the following terms:

challenge: A piece of data used to authenticate a user. Typically a challenge takes the form of a nonce.

MAY, SHOULD, MUST, SHOULD NOT, MUST NOT: These terms (in all caps) are used as defined in [RFC2119]. All statements of optional behavior use either MAY, SHOULD, or SHOULD NOT.

1.2 References

Links to a document in the Microsoft Open Specifications library point to the correct section in the most recently published version of the referenced document. However, because individual documents in the library are not updated at the same time, the section numbers in the documents may not match. You can confirm the correct section numbering by checking the Errata.

1.2.1 Normative References

We conduct frequent surveys of the normative references to assure their continued availability. If you have any issue with finding a normative reference, please contact dochelp@microsoft.com. We will assist you in finding the relevant information.

[MS-FPS
