PowerShell cmdlets such as Get-IdentityProvider and Get-RuleGroup take aManagementKey parameter to authenticate with ACS. I had assumed, because of the name of the parameter, that you should use theSymmetric Key value from the Management service page in the ACS portal.
This appeared to work, until I generated a new key in the portal and tried to use the new key as the ManagementKey parameter. This resulted in a 401 authorization failure.
When I tried to use the Password value from the Management service page in the ACS portal, it succeeded.
Is it expected that the PowerShell cmdlets should use the Password and not the Symmetric Key value to authenticate with ACS?
To summarize:
- It's confusing that the value expected by the ManagementKey parameter is in fact the password.
- This is compounded by the fact that the password and symmetric key initially have the same value when you create an ACS namespace so using the symmetric key value appearsto work.
Dominic Betts