Hello all, I have Azure Service Bus Relay accompanying by ACS configured to accept SWT tokens issued by my ADFS. Service Bus Relay acts as a reverse proxy to my 'on premises' RESTful web service.
Each client http call contains required "Authorization" header with value:
WRAP access_token="{token}".
Everything works as expected except http calls reaching 'on premises' RESTful web service are missing "Authorization" http headers stripped out by Service Bus Relay. Effectively, calls arrive with no security context.
I can add another http header with user token but it is not the most desirable solution as it would almost double message size. SWT tokens are generally small and this may not appear as an issue but keep in mind that most GSM providers in Europe charge by every 100kb sent. Adding the same header twice effectively almost doubles traffic charges which in scale of the entire company and hundreds of users generates significant additional cost.
Is there any known solution to this problem?
Thank you for any pointers.