Merge pull request #422 from MicrosoftDocs/master

8/6/2019 AM Publish

.openpublishing.redirection.json

@@ -370,6 +370,16 @@
       {
       "source_path": "docs/cloud-adoption/operations/monitor/cloud-app-howto.md",
       "redirect_url": "/azure/architecture/cloud-adoption/operations/monitor/cloud-models-monitor-overview"
+      },
+      {
+         "source_path": "docs/multitenant-identity/run-the-app.md",
+         "redirect_url": "/azure/architecture/multitenant-identity/tailspin",
+         "redirect_document_id": true
+      },
+      {
+         "source_path": "docs/multitenant-identity/key-vault.md",
+         "redirect_url": "/azure/architecture/multitenant-identity/web-api",
+         "redirect_document_id": true
       }
   ] 
   } 

docs/multitenant-identity/authenticate.md

@@ -32,7 +32,7 @@ To enable OpenID Connect, the SaaS provider registers the application inside the
 
 To register the application, follow the steps in [Quickstart: Register an application with the Microsoft identity platform](/azure/active-directory/develop/quickstart-register-app).
 
-See [Run the Surveys application](./run-the-app.md) for the specific steps for the Surveys application. Note the following:
+To enable this functionality in the sample Surveys application, see the [GitHub readme](https://github.com/mspnp/multitenant-saas-guidance/blob/master/get-started.md). Note the following:
 
 - For a multitenant application, you must configure the multitenanted option explicitly. This enables other organizations to access the application.
 
@@ -83,7 +83,7 @@ app.UseCookieAuthentication(new CookieAuthenticationOptions {
 
 ## Initiate the authentication flow
 
-To start the authentication flow in ASP.NET MVC, return a **ChallengeResult** from the contoller:
+To start the authentication flow in ASP.NET MVC, return a **ChallengeResult** from the controller:
 
 ```csharp
 [AllowAnonymous]
@@ -166,7 +166,7 @@ By default, the OIDC middleware knows how to fetch this metadata. Set the **Auth
 By default, the OIDC middleware uses hybrid flow with form post response mode.
 
 - *Hybrid flow* means the client can get an ID token and an authorization code in the same round-trip to the authorization server.
-- *Form post reponse mode* means the authorization server uses an HTTP POST request to send the ID token and authorization code to the app. The values are form-urlencoded (content type = "application/x-www-form-urlencoded").
+- *Form post response mode* means the authorization server uses an HTTP POST request to send the ID token and authorization code to the app. The values are form-urlencoded (content type = "application/x-www-form-urlencoded").
 
 When the OIDC middleware redirects to the authorization endpoint, the redirect URL includes all of the query string parameters needed by OIDC. For hybrid flow:
 

docs/multitenant-identity/client-assertion.md

@@ -15,7 +15,9 @@ pnp.series.next: key-vault
 
 [![GitHub](../_images/github.png) Sample code][sample application]
 
-## Background
+This article describes how to add client assertion to the [Tailspin Surveys][Surveys] sample application.
+
+## Understanding client assertion in OpenID Connect
 
 When using authorization code flow or hybrid flow in OpenID Connect, the client exchanges an authorization code for an access token. During this step, the client has to authenticate itself to the server.
 
@@ -63,6 +65,8 @@ Notice that the `client_secret` parameter is no longer used. Instead, the `clien
 
 At run time, the web application reads the certificate from the certificate store. The certificate must be installed on the same machine as the web app.
 
+## Implementing client assertion
+
 The Surveys application includes a helper class that creates a [ClientAssertionCertificate](/dotnet/api/microsoft.identitymodel.clients.activedirectory.clientassertioncertificate) that you can pass to the [AuthenticationContext.AcquireTokenSilentAsync](/dotnet/api/microsoft.identitymodel.clients.activedirectory.authenticationcontext.acquiretokensilentasync) method to acquire a token from Azure AD.
 
 ```csharp
@@ -93,19 +97,13 @@ public class CertificateCredentialService : ICredentialService
 }
 ```
 
-For information about setting up client assertion in the Surveys application, see [Use Azure Key Vault to protect application secrets
-][key vault].
-
-[**Next**][key vault]
+[**Next**](./adfs.md)
 
 <!-- links -->
 
 [configure-web-app]: /azure/app-service-web/web-sites-configure/
 [azure-management-portal]: https://portal.azure.com
 [client assertion]: https://tools.ietf.org/html/rfc7521
-[key vault]: key-vault.md
-[Setup-KeyVault]: https://github.com/mspnp/multitenant-saas-guidance/blob/master/scripts/Setup-KeyVault.ps1
+[sample application]: https://github.com/mspnp/multitenant-saas-guidance
 [Surveys]: tailspin.md
 [using-certs-in-websites]: https://azure.microsoft.com/blog/using-certificates-in-azure-websites-applications/
-
-[sample application]: https://github.com/mspnp/multitenant-saas-guidance

docs/multitenant-identity/index.md

@@ -22,7 +22,7 @@ When you're building a multitenant application, one of the first challenges is m
 
 Azure Active Directory (Azure AD) has some great features that support all of these scenarios.
 
-To accompany this series of articles, we created a complete [end-to-end implementation][sample-application] of a multitenant application. The articles reflect what we learned in the process of building the application. To get started with the application, see [Run the Surveys application][running-the-app].
+To accompany this series of articles, we created a complete [end-to-end implementation][sample-application] of a multitenant application. The articles reflect what we learned in the process of building the application. To get started with the application, see the [GitHub readme](https://github.com/mspnp/multitenant-saas-guidance/blob/master/get-started.md).
 
 ## Introduction
 
@@ -94,4 +94,3 @@ This guidance does not consider other aspects of multitenancy such as data parti
 <!-- links -->
 
 [sample-application]: https://github.com/mspnp/multitenant-saas-guidance
-[running-the-app]: ./run-the-app.md