On July 2012 I had the problem that I wanted to connect to a SharePoint Online instance that had an Active Directory Federation Services (ADFS) in front. At this time I couldn’t find any how-to on the web that would explain me how to do it. I asked at stackoverflow.com for a solution and became a hint and also found a post by Wictor Wilén at his blog that describes the authentication to SharePoint Online without an ADFS. At this time I solved my problem with a workaround in the project but later that year I had the same problem again and I know that I had to solve it on my own because my stackoverflow.com question hadn’t received any new answers.
I used Fiddler, a web debugging proxy, to understand the authentication process. First you need to get the Security Assertion Markup Language (SAML) tokens. I looked up the needed requirements for the SAML-Tokens and was able to get them. With those tokens I was now able to get a token from the Microsoft Online Services (MOS) via the Secure Token Service (STS). With that token I can now finally authenticate my application against SharePoint Online and receive a authentication token that I have to use in all my REST-Requests (as cookies) in order to authenticate my requests.
At this last point on receiving the token from the Secure Token Service (STS) I stumbled upon an article from Omar Venado that solved my problem and posted the solution in his blog. Because I was short on time I used his finished solution in my project (with a few fixes and modifications) and throw my pre finished solution away. This is why I didn’t post some code snippets - look at Omar’s post for the snippets and a deeper explanation.
But because of my question on stackoverflow.com I received a view e-mails if I had found the solution to my problem and if I’m willing to share it. So I fought I make this blog post to spread the solution. I have also created a new project and copied the modified version of Omar’s solution in it and created a Windows 8 Store skeleton app. You can find it at Github: SharePointAuthentication
Feel free to use it, improve it and tell others about it ;-)