Introduction

SSO (Single Sign On) is an authentication scheme available since MSNP15.

Like its predecessor TWN, it authenticates using a Passport Compact Token. However, the original query-parameter-based policies have been replaced with encryption-based challenges, and the token domain has been changed.

Procedure

Initial USR Exchange

The client sends the initial USR request, and the notification server provides a policy and a base64 nonce:

C: USR TrID SSO I user-handle
S: USR TrID SSO S policy nonce

Where user-handle is the handle (e-mail address) the client is authenticating with.

Where policy is the authentication policy, usually MBI_KEY_OLD or MBI_KEY.

Where nonce is the cryptographic nonce, encoded in base64, that is used when calculating the client challenge.

Passport Authentication

The client now authenticates with passport and completes the policy challenge using the provided nonce. This process is documented at Passport SOAP (RST).

The token must be requested for messengerclear.live.com.

Note that SSO no longer supports the use of Passport SSI 1.4 due to the use of policy challenges.

Challenge generation

You will need to generate a response if the authentication policy is MBI_KEY or MBI_KEY_OLD:

  1. Using the challenge nonce (provided as the fourth parameter of the USR SSO S response, 64 characters).
  2. Using the binary secret (provided by the Passport SOAP (RST) response for messengerclear.live.com, 32 characters).
  3. Generating an IV (8 bytes, 12 characters when base64-encoded).
  4. First, the binary secret should be base64-decoded into a buffer of 24 bytes.
    NOTE: Do not decode the challenge nonce. It is treated as 64 bytes already.
    NOTE: If replaying a generation, the IV is required to be extracted from the challenge response.
  5. Instance an HMAC-SHA1 hash function with the 24-byte binary secret as the key. Call this hashProvider.
  6. Then compute hashes using the decoded binary secret (key1):
    1. Using hashProvider, generate a hash of the constant WS-SecureConversationSESSION KEY HASH. Save this as hash1.
  7. Concatenate hash1 with the constant WS-SecureConversationSESSION KEY HASH. Save this as hash1constant.
  8. Using hashProvider, generate a hash of hash1constant. Save this as hash2, and keep it for key2.
  9. Using hashProvider, generate a hash of hash1. Save this as hash3.
  10. Concatenate hash3 with the constant WS-SecureConversationSESSION KEY HASH. Save this as hash3constant.
  11. Using hashProvider, generate a hash of hash3constant. Save this as hash4, and keep it for key2.
  12. To create key2, create a 24-byte buffer.
    The first 20 bytes should be the entirety of hash2, and the remaining 4 bytes should be the first 4 bytes of hash4.
  13. Then compute more hashes using the decoded binary secret (key1), in the same way as steps 6 to 11.
    Use the constant WS-SecureConversationSESSION KEY ENCRYPTION instead.
    This should provide hash5, hash6, hash7 and hash8.
  14. To create key3, create a 24-byte buffer.
    The first 20 bytes should be the entirety of hash6, and the remaining 4 bytes should be the first 4 bytes of hash8.
  15. Instance an HMAC-SHA1 hash function keyed with key2.
  16. Use the key2 HMAC-SHA1 to compute the hash of the challenge nonce. Save this as hash9.
  17. Create a 72-byte buffer called inputBuffer. The last 8 bytes should each be the value 8 (0x08).
  18. Copy the whole nonce (64 bytes) into the first 64 bytes of inputBuffer.
  19. Using 3DES-CBC with key3 and your IV, encrypt the whole 72-byte inputBuffer (the padding bytes are already in place, so add no further padding). Call this tdesBlock; it is 72 bytes long.
  20. Create a 128-byte buffer called result.
    The first 28 bytes should be: 28, 0, 0, 0, 1, 0, 0, 0, 3, 102, 0, 0, 4, 128, 0, 0, 8, 0, 0, 0, 20, 0, 0, 0, 72, 0, 0, and finally 0.
  21. The next 8 bytes of result should be your IV.
  22. The next 20 bytes of result should be hash9.
  23. The next 72 bytes of result should be tdesBlock.
  24. Encode result in base64. This is your challenge response.

An example of doing this is provided as SolveSSOChallenge in msnp_challenges.cs.
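The same procedure in Go, as an added example (this is not the SolveSSOChallenge from msnp_challenges.cs referenced above). It takes the 32-character binary secret, the raw 64-character nonce and a client-generated 8-byte IV as parameters, uses key3 as the 3DES key over the full 72-byte buffer, and rejects inputs of the wrong length rather than producing a response with a misleading header.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
)

// hmacSHA1 is the hashProvider of step 5: HMAC-SHA1 keyed with key over the concatenated parts.
func hmacSHA1(key []byte, parts ...[]byte) []byte {
	m := hmac.New(sha1.New, key)
	m.Write(bytes.Join(parts, nil))
	return m.Sum(nil)
}

// deriveKey is steps 6-14: four HMAC-SHA1 values over key1, combined as hash2 || hash4[:4] (24 bytes).
func deriveKey(key1, constant []byte) []byte {
	hash1 := hmacSHA1(key1, constant)        // HMAC(constant)
	hash2 := hmacSHA1(key1, hash1, constant) // HMAC(hash1 || constant)
	hash3 := hmacSHA1(key1, hash1)           // HMAC(hash1)
	hash4 := hmacSHA1(key1, hash3, constant) // HMAC(hash3 || constant), i.e. step 10's hash3constant
	return append(append([]byte{}, hash2...), hash4[:4]...)
}

// SolveSSOChallenge runs steps 4 and 15-24 for the MBI_KEY / MBI_KEY_OLD policies.
// binarySecretB64 is the 32-character secret from the RST response, nonce the raw
// 64-character USR nonce (not base64-decoded), iv the 8-byte IV the client generated.
func SolveSSOChallenge(binarySecretB64, nonce string, iv []byte) (string, error) {
	key1, err := base64.StdEncoding.DecodeString(binarySecretB64) // step 4
	if err != nil || len(key1) != 24 || len(nonce) != 64 || len(iv) != 8 {
		return "", errors.New("need a 24-byte secret, a 64-character nonce and an 8-byte IV")
	}
	key2 := deriveKey(key1, []byte("WS-SecureConversationSESSION KEY HASH"))
	key3 := deriveKey(key1, []byte("WS-SecureConversationSESSION KEY ENCRYPTION"))
	hash9 := hmacSHA1(key2, []byte(nonce)) // step 16
	// Steps 17-19: nonce followed by eight 0x08 bytes, 3DES-CBC under key3; 72 bytes in, 72 out.
	input := append([]byte(nonce), bytes.Repeat([]byte{8}, 8)...)
	block, _ := des.NewTripleDESCipher(key3) // cannot fail: key3 is always 24 bytes
	tdes := make([]byte, len(input))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(tdes, input)
	// Steps 20-23: fixed 28-byte header (struct size, CBC, CALG_3DES 0x6603, CALG_SHA1 0x8004, lengths), IV, hash9, ciphertext.
	header := []byte{28, 0, 0, 0, 1, 0, 0, 0, 3, 102, 0, 0, 4, 128, 0, 0, 8, 0, 0, 0, 20, 0, 0, 0, 72, 0, 0, 0}
	result := append(append(append(header, iv...), hash9...), tdes...)
	return base64.StdEncoding.EncodeToString(result), nil // step 24
}
```

The returned string is the challenge parameter of the second USR exchange; the server can verify it because it holds the same binary secret and can repeat the key derivation.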

Subsequent USR Exchange

The client completes the authentication flow by sending the Passport Compact Token and the completed policy challenge to the Notification Server (NS):

C: USR TrID SSO S compact-token challenge
S: USR TrID OK (...)