Saml ecp, azure ad IDP supports?

Similar Messages

• SAML Credential Mapper does not support credential type

  Has anybody any idea on what could be causing the message below, which is being logged several times?
  <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
  <[ACTIVE] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <1309285937475> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): **SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null**>
  Best regards
  Update: Forgot to mention this is SOA Suite 11G environment
  Edited by: user9501748 on Jun 28, 2011 11:53 AM

  I've got the same issue too.
  My setup is to have one domain acting as both Source and Destination.
  For every 10 seconds, I'm seeing 4 of these logs, and the CPU consumption is 100% consistently.
  ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials: Subject initiator>
  ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentials(Subject): getCredentialInternal() called>
  ####<2-Jun-2009 11:00:27 o'clock AM EDT> <Debug> <SecuritySAMLCredMap> <MYHOST> <AdminServer> <[ACTIVE] ExecuteThread: '18' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1243954827839> <BEA-000000> <SAMLCredentialMapperV2: getCredentialInternal(): SAML Credential Mapper does not support credential type: weblogic.UserPassword, returns null>
  Does anyone know what's happening? I've got one of the Security Provider = Active Directory, and thus there's no password returning. Could it be the root cause of the problem?

• Windows 7 and windows8.1 Azure VM which supports visual studio professional

  I tried to find azure vm which supports Visual Studio professional. 
  without Windows Server 2012, there is no visual studio professional for windows 7 or windows 8.1. 
  if we want it, we should install it manually?

  Dave - Thanks for the prompt response.  I've built this application using MFC in Static Library, x86 configuration.
  OK, that would eliminate the run-time DLLs.
    I've not heard of Depends.exe but found and downloaded it.  Ran it on both Win 7 and 8.1 with similar results shown some missing dlls (e.g.: API-MS-WIN-CORE-PRIVATEPROFILE-L1-1-1.DLL).  I've never heard of these. 
  If they're the same on both, I wouldn't worry about them, it's
  differences that would be relevant.
  On the face of things, there's nothing immediately apparent that would
  prevent your program from running, so is there any error reported
  (message box, or event viewer) when you try to run your application on
  Win8.1?
  Have you tried debugging it on 8.1?
  Dave

• OIF 11g as IDP supporting multiple SPs

  Hello,
  I have OIF 11g setup as an IDP using OAM/OID as the authentication engine. I have configured it following the steps provided in section 3.2.3.2 of the doc here: http://docs.oracle.com/cd/E23943_01/oim.1111/e13400/deployment.htm#BABCAABE. There is an OAM policy protecting fed/user/authnoam.
  I currently have 2 SPs: sp1 and sp2. Can I have different OAM policies for each SP? For example, I want to allow only users in the ldap group sp1_group access to sp1 and users in ldap group sp2_group access to sp2. The issue is that when an authentication request is sent from any SP, it gets sent to fed/user/authnoam, which is protected by one OAM policy.

  I had this requirement too in my previous project where for one SP, we want to authenticate aganist consumer data store and another SP, aganist customer. If i remember correctly, the product doesn't support that. Not sure about 11g R2 though.

• Does Azure Media services support storing images?

  Hi,
  We are planning to store the media files in azure cloud, initially we planned to use the Azure blob storage and after deeply investigating we found the Azure media services has some outstanding capabilities  like streaming offline viewing etc. compared
  to azure blob storage.
  So here my question, does this supports storing the images as well?Please confirm this ASAP.
  I read the some article about media services, there it has been given like below, but Just i want to confirmation about this.
  Supported file types in Azure Media Services
  Various video, audio, and image file types can be uploaded to a Media Services account, with there being no restriction on the types or formats of files that you can upload using the Media Services SDK. However, the Azure Management portal restricts uploads
  to the formats that are supported by the Azure Media Encoder. These import formats include MPEG-1, MPEG-2, MPEG-4, and Windows Media Video encoded video, MP3, WAVE, and Windows Media Audio encoded audio, and BMP, JPEG, and PNG encoded images. The Azure Media
  Encoder can export data as Windows Media Video, Windows Media Audio, MP4, and Smooth Streaming File Format.
  For more information about the supported file formats see "Supported input formats" and "Introduction to encoding."
  Thanks,
  Kiran

  Hi John,
  One more Question here.
  As of now we are planning to store and retrieve only the images and audio files with media services, so can I avoid encoding and packaging and use it?Will it work?
  Can I access the  images and audio files without encoding and packaging?
  In future, we are are planning to add the videos as well.
  I think encoding and packaging will come into picture when streaming the videos.
  Thanks,
  Kiran

• Remove "sslVersion=3L," from Sample R Code Invoking a Web Service, as a Result of Azure Disabling SSLV3 Support

  Hello everyone,
  As part of January security updates, Azure has disabled SSLV3.0 support by default for Azure Cloud Services customers, effective 01/19/2015. For details, please check
  Security Bulletin.
  As a result, the sample code to invoke a web service will not work if SSL version 3.0 is specified. For example, R sample code has
  # Accept SSL certificates issued by public Certificate Authorities
  options(RCurlOptions = list(sslVersion=3L, cainfo = system.file("CurlSSL", "cacert.pem", package = "RCurl")))
  You will hit errors as below
  * Hostname was NOT found in DNS cache
  *   Trying 191.238.225.148...
  * Connected to ussouthcentral.services.azureml.net (191.238.225.148) port 443 (#0)
  * successfully set certificate verify locations:
  *   CAfile: C:/Program Files/R/R-3.1.2/library/RCurl/CurlSSL/cacert.pem
    CApath: none
  * Unknown SSL protocol error in connection to ussouthcentral.services.azureml.net:443
  * Closing connection 0
  Error in function (type, msg, asError = TRUE)  :
    Unknown SSL protocol error in connection to ussouthcentral.services.azureml.net:443
  The mitigation is
  Upgrade R client's RCurl package to the latest version (in RStudio, this can be done using Tools -> Check for package updates)
  In the sample code, remove sslVersion=3L.
  AzureML team is aware of this issue and an update to the sample code is scheduled soon.
  Thanks,
  Jing

  Or, if you want to be explicit, set sslVersion = 1, that also works,
  Thanks,
  Jing

• I can no longer log in to Azure Portal (or Support)

  Hi. For the past few days I have not been able to log in to the Azure Portal (or Azure Support). I have tried on separate machines and it fails on them all. I can log into other Microsoft properties, like Bing and Outlook.com with the same MSA.
  This is the error I receive:
  https://login.windows.net/common/wsfederation?f=255&MSPPError=-2147217320
  Sign In
  Sorry, but we’re having trouble signing you in.
  We received a bad request.
  Additional technical information: 
  Correlation ID: adf15a25-4f0f-41c3-bd05-d7da01ff8fa6 
  Timestamp: 2014-08-07 15:12:34Z 
  AADSTS20012: An error occurred when we tried to process a WS-Federation message. The message was invalid. 
  Best regards,
  Jerry ([email protected])
  Jerry Nixon

  Hi,
  Based on your description, there may be some issue with your azure account, please try to contact with azure support, it's a best choice, Please contact support team by creating a support ticket at
  http://www.windowsazure.com/en-us/support/contact/ Or if that doesn't work because you don't have an active subscription you will need to contact general customer support to have them create a
  support ticket for you
  http://support.microsoft.com/gp/customer-service-phone-numbers?wa=wsignin1.0
  Best Regards
  Jambor
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Multiple IdP support for HCP Portal

  Hi all,
  I'm having lots of fun developing on the HCP and really love it!
  Now I need to integrate multiple IdPs for the same account.
  I know this can be specified using the url structure:
  https://<app name>.hana.ondemand.com/index.jsp?saml2idp=<idp name>
  I also plan to use the HCP Portal, so my question would be:
  Can I use the url parameter above (saml2idp) also for HCP Portal?
  Thanks, regards
  Vincenzo

  Hi Vincenzo,
  Thanks for your kind words about HCP!
  I'll move this thread to the dedicated SAP HANA Cloud Portal space where you should have better chances of getting it answered.
  Cheers,
  --Vlado

• Does Azure supports switching between databases?

  We have 1000s of Stored Procedures, Views & Functions with 'SELECT * FROM DB1.dbo.TBL1' we constantly switch between databases (about 300 of them) within a single instance, running real-time on-line business. These are back-end SQL queries that
  we normally run from one of the ADMIN databases with in the same instance.
  I tried using 'USE <database name>' and realized that it does not support and then tried using <db name>.dbo.<tbl name> that also does not work.
  If these 2 functions does not support within Azure we simply cannot use the environment to support our business databases, could someone please confirm this - thanks.

  Hello,
  Yes. Cross database references or four-part names are not supported by SQL Azure.
  Windows Azure SQL Database supports the three-part name database_name.[schema_name].object_name when:
  • the database_name is the current database
  • the database_name is tempdb and the object_name starts with #.
  Reference:Syntax Conventions (Azure SQL Database)
  Regards,
  Fanny Liu
  If you have any feedback on our support, please click here. 
  Fanny Liu
  TechNet Community Support

• Using oauth2 flows of Azure Acite Directory (AAD), in API

  documentation on the API feature of azure makes strongly hints that oauth2 is supported. But, that's like saying saml is supported (without specifying the profile of SAML2 or SAML1.1). The hint is far too vague to be actionable. What matters to me is that
  the oauth2 features of Active AD's IDP/STS are supported (and that the JWT tokens and keying properties of AAD can be consumed by API handlers).
  Does anyone having any interworking stories to tell, with AAD? Any samples, blog posts etc?
  Its seems REALLY useful to have 1) mobile sites consume AAD and 2)( API sites similarly consume tokens - whose audiences that cover both the mobile and API endpoints. But, is it reality?

  Hi Peter,
  Firstly, as I know, Azure AD is supported SAML2.0. And we can use and configure SAML2.0 in Azure AD (https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx ).And
  Azure AD supported the JWT and SAML2.0 token formation. From the official document(http://azure.microsoft.com/en-us/documentation/articles/api-management-howto-oauth2/
  ), we can set the OAuth2.0 with Azure AD in API Management service. You can try to configure the AZURE AD as a Authorization Server in API management service.
  The links below is some resources:
  https://msdn.microsoft.com/en-us/library/azure/dn151124.aspx
  https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx
  http://blogs.msdn.com/b/brunoterkaly/archive/2014/07/17/fundamentals-of-active-directory-in-the-cloud-azure-and-on-premises.aspx
  Regards,
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Issues to Configure SAML ,I tried alot but its not working ,Below Given instruction how to configure SAML

  SAML Overview
  Security Assertion Markup Language (SAML) is an XML-based standard for exchanging authentication and
  authorization data between security domains, that is, between an identity provider (a producer of assertions)
  and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services
  Technical Committee.
  SAML is relevant to those customers who already have a SAML implementation in use with other systems in
  their organization. Therefore, it is recommended you engage your technology team that has a working 
  knowledge of SAML and provide this document to them for their review.
  Key Roles
  • Identity Provider (IDP): The system in authority that provides the user information
  • Service Provider (SP): The system that trusts the asserting party’s information, and uses the data to
  provide an application to the user.
  • Subject: The user and their identity that is involved in the transaction.
  Note! In our context, Learning Maestro is the SP, the IDP is customer-specific, and the Subject is the user
  who is logged in.
  Copyright © 2013 SumTotal Systems, LLC. All rights reserved. Duplication prohibited. 2
  Typical SAML Components
  Source: http://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf
  Copyright © 2013 SumTotal Systems, LLC. All rights reserved. Duplication prohibited. 3
  Implementing SAML 2.0
  • SumTotal LMS supports only SAML 2.0 Standards.
  • We support only IDP-initiated SAML authentication.
  • The SAML Response should be signed and base64 Encoded.
  • UserName should be passed in NameID element under Assertion\Subject Keys.
  • We use the timestamp provided in IssueInstant attribute of SAML Assertion to find the valid period
  (+/- 5 min ) for the SAML Response.
  • Currently, we do not support signed or encrypted assertions.
  • Deep linked URLs can be passed through an additional URL parameter of “OriginalURL.”
  IDP Initiated Web SSO
  Source: http://www.ijcsi.org/papers/2-41-48.pdf
  4
  When Learning Maestro is Accessed from a Portal
  1. The user logs into the customer portal.
  2. The user clicks on a link to the LMS from the customer’s portal.
  3. The link points to an IDP page.
  4. The IDP pages posts an HTTP Request to Learning Maestro
  5. The request is an < ... > message.
  Typical Structure of a SAML Response
  • Below is the typical SAML Response received by LMS from IDP
  • Value of SAMLResponse parameter should be base64 Encoded.
  Please double-click to open the below XML file to view how the response looks after decoding:
  ExampleSuccessfulAssertion.xml
  5
  Configuring SAML 2.0
  SumTotal Maestro supports SAML 2.0 for the “Identity Provider Initialized SSO” protocol.
  To configure your Maestro domain to accept SAML 2.0 Assertions, the following steps must be taken:
  1. Confirm that Usernames are in sync
  2. Provide an X.509 Certificate to SumTotal Systems (SHA1 Hashed)
  SumTotal Systems will configure your environment with the X.509 cert you provide.
  3. Point your call to the following URL:
  https://gm1.geolearning.com/geonext/<your_domain>/saml.geo
  After authenticating to your Identity Provider, the provider will pass a user into Maestro IF:
  • The user has a username matching an existing Maestro username
  • The x509 certificates match on both sides
  If authentication fails, the user will be presented with a failure page.
  Assertions
  An optional assertion is available to specify the URL a user will be sent if there is an authentication error.
  ErrorRedirectURL Assertion
  • If ‘ErrorRedirectURL’ is not specified and an authentication error or other security exception 
  occurs it will redirect the user to the default secerror.geo page as it does today
  • If a value (URL) is specified for ‘ErrorRedirectURL’ and there is an authentication error the user 
  will be redirected to the URL specified
  Sample
  6
  Additional Information
  For additional information on SAML, please refer to the following sources:
  Wikipedia: Security Assertion Markup Language
  OASIS Executive Summary
  IJCSI Intermediate Concept
  OASIS Technical Overview
  FAQs
  Question Answer
  What .NET library are we using? SumTotal uses “Componentspace” net SAML 2.0 library
  Can users still log in via the login page? Yes. The SAML target page is different than the login page.
  Can we deep link into the LMS through 
  the SAML 2.0 authentication workflow?
  Can I get rid of the Logout button?
  What is the Session timeout setting? Session Hard Life and Idle Life settings can be configured in 
  What is the unique ID for SAML? The “username” field.
  Yes. “Deep Link Target” (target or original URL parameter) is 
  accepted. If none is provided, then it will default to the default 
  landing page as configured in Maestro.
  Yes, When using SAML, the logout button still exists 
  intentionally in the navigation but can be disabled in the 
  “configure Navigation” options.
  the security section of the administration interface of Maestro.
  What is the failure page if
  Authentication fails?
  If the authentication fails, by default an intentionally simple error
  is presented to the user stating “Authentication Failure”.
  For security purposes, no further information regarding the 
  specifics of the failure are defined to the user.
  An optional ErrorRedirectURL assertion can be used.
  What URL do we point to? https://gm1.geolearning.com/geonext/<your_domain>/saml.geo

  Hello,
  Thanks for posting your question to here. However, this forum is used to discuss and ask questions about .NET Framework Base Classes (BCL) such as Collections, I/O, Regigistry, Globalization, Reflection. For issues regarding configuring SAML, this is beyond
  the scope of our support.
  Regards.
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• How to add description of a column of a table in SQL Azure

  Hi
  I have some tables in my application database where there are descriptions added against certain columns. Needless to say they were done by using sp_addextendedproperty.
  Now I am trying to migrate the Database to SQL Azure. SQL Azure does not support sp_addextendedproperty.
  Hence I am not able to figure out how to add descriptions to those columns.
  Any help would be much appreciated.
  Thanks
  Soumyadeb

  Hello,
  Just as Latheesh post above, Windows Azure SQL database are not support extended stored procedures. That’s one of the limitations on SQL database, and I don’t know there is another way to achieve the same on Azure.
  Regards,
  Fanny Liu
  Fanny Liu
  TechNet Community Support

• Is it possible to use both an ILB and an ELB (listening on the same port) in the same Azure cloud service?

  I'm building a test Lync deployment on Azure; yes, I know this is not supported, hence "test".
  Lync Front-End servers expose two set of web services, one for internal users and one for external ones; they listen on different ports (443 and 4443) on the same servers; when external services are published, you need a reverse proxy or a port forwarding
  in order to map port 443 of a public IP address to port 4443 of the Front-End server(s). When you have multiple Front-End servers in a pool, you also need to load-balance them.
  So, a typical Lync deployment looks like this:
         Internal users
                   |
                 443
                    |
            Internal LB
          192.168.0.20
          443         443
            |               |
     Lync FE 1     Lync FE 2
  192.168.0.21 192.168.0.22
            |               |
        4443        4443
            External LB
         Public IP Address
                   |
                443
                   |
         External Users
  This should be easily replicated in Azure, as it supports both external load balancing and internal load balancing. They are even supported together in the same cloud service, so this configuration should be easy. However, it looks like "should"
  is the keyword here.
  After creating the external load balanced endpoint (which listens on external port 443 and forwards to port 4443 on the servers), I'm trying to create an internal load balancer and add internal endpoints to is; however, while the ILB can be created successfully,
  adding an internal endpoint listening on port 443 and forwarding to port 443 on the servers fails miserably, with an error stating that port 443 is already in use by another endpoint:
  Update-AzureVM : BadRequest : Port 443 is already in use by one of the endpoints in this deployment. Ensure that the port numbers are unique across endpoints within a deployment.
  For reference, my commands are:
  Add-AzureInternalLoadBalancer -InternalLoadBalancerName "LyncILB" -ServiceName "LyncFrontEnd" -SubnetName "LabSubnet" -StaticVNetIPAddress 192.168.0.20
  (This completes successfully)
  Get-AzureVM LYNCFE1 | Add-AzureEndpoint -Name "Https-Int" -Protocol "tcp" -LocalPort 443 -PublicPort 443 -LBSetName "HttpsIntLB" -DefaultProbe -InternalLoadBalancerName "LyncILB"
  (This fails)
  The existing external endpoint is configured as such:
  Get-AzureVM LYNCFE1 | get-azureendpoint
  LBSetName : HttpsExtLB
  LocalPort : 4443
  Name : HTTPS-Ext
  Port : 443
  Protocol : tcp
  Vip :
  ProbePath :
  ProbePort : 4443
  ProbeProtocol : tcp
  ProbeIntervalInSeconds : 15
  ProbeTimeoutInSeconds : 31
  EnableDirectServerReturn : False
  Acl : {}
  InternalLoadBalancerName :
  IdleTimeoutInMinutes :
  LoadBalancerDistribution :
  The error doesn't even make a lot of sense; the external load balancer listens on a public IP address, while the internal load balancer listens on a private IP address in the internal network; there
  shouldn't be any conflict here... however it looks like there is one instead.
  Why doesn't this work? Am I doing something wrong, or is Azure networking just being silly as usual again?

  Hello Massimo Pascucci,
  The issue that you are facing when creating an endpoint with internal loadbalancer is the limitation of not allowing same ports to be listening under a single cloud service. This reason for this is that there is a limitation of only one private IP (Also
  known as the Internal load balanced IP) per cloud service.
  There is also a limitation on the Internal load balancer more than one port to be published per load balancer:
  You can leave your feedback by following the link below:
  https://social.msdn.microsoft.com/Forums/en-US/1805c5a0-3906-4cd6-8561-9802d77e0ae5/is-it-possible-to-use-both-an-ilb-and-an-elb-listening-on-the-same-port-in-the-same-azure-cloud?forum=WAVirtualMachinesVirtualNetwork
  Refer to this article for more information on Internal load balancer:
  http://azure.microsoft.com/blog/2014/05/20/internal-load-balancing/
  Thanks,
  Syed Irfan Hussain

• Remove a credit card from Azure billing (not cancel account)

  I have a PAYG subscription and have added a second credit card for payment.  I would now like to remove the first credit card but there is no option to do this.  How can I remove a credit credit card?
  Note: Unlike similar questions here I do not wish to cancel or delete my subscription/services.
  Thanks.

  Support told me that card cannot be removed.
  From: Vikash Singh (Spectrum Consultants India Pvt)
  Sent: Friday, April 4, 2014 1:21 AM
  To: '[email protected]'
  Cc: MSSolve Case Email
  Subject: RE: [REG:114040311332185] Want to remove the personal credit card from the Azure Account and subscriptions
  Hello Martin,
  Thank you for your email.
  The card cannot be removed until it is associated as a default payment method to the MSDN Visual Studio Premium Subscription ID:
  xxxxxxxxxxxxxxxxxxxxx. So first you need to add another company credit card to the Azure Account and Subscription by following the steps below:
  Steps to add a new credit card 
  Login in to https://account.windowsazure.com
  using the account owner Live ID. 
  Click on “Account” tab. 
  Now click on the “Subscriptions” tab. 
  Select the subscription that you want to edit. 
  Click on ‘Change Payment Method’ 
  Click on '+' sign next to Credit Card to add a new card. 
  Enter the Credit Card Number, Name on Card, Expiration Date and CVV number 
  Click on Next to complete the process.       
  Once the new card is added then you need to remove your card from the Azure Account
  Login to commerce.microsoft.com
   using your account administrator credentials. 
  Select Payment Options.
  Select the credit card which you want to remove and click on
  remove. 
  Please let me know once you have followed these above mentioned steps successfully to complete your request. I will be waiting for your response!
  Best Regards,
  Vikash   Singh
  Support   Engineer
  Microsoft   Azure Subscription Management Support
  Working Hours        :  08AM - 05PM (Mon-Fri) UTC
  Email                       : 
  [email protected]
  Escalation   Email    : 
  [email protected]
  Manager   Email     : 
  [email protected]

• What are Azure limitations for Websockets in Cloud Services (web and worker role)?

  A WebSocket Server should be built on Azure platform with OnPrem connections and have questions regarding limitations for Websockets in Azure Cloud Services - web and worker roles.
  Websockets can be configured for Web Sites and limitations are understood, but Azure Websites is not an option. 
  Nevertheless it is planned to run a web service (without UI - no web site) as a Cloud service which has secure websocket (WSS) connections to OnPrem machines. Websocket protocol is enabled for IIS8 on Cloud services web and worker roles. Azure Service Bus Relay
  is not an option.
  Questions:
  1) Are Websockets supported for Azure Cloud services web and worker roles? we assume yes
  2) What are potential limitations from Azure side to support concurrent Websocket connections? We are aware that CPU, memory etc are limitations, but are there additional limitations from MS Azure side? 
   

  Hi,
  As I know, azure cloud service web and worker role support Websockets, users can connect to the role via the special endpoint, if we use Azure cloud service, I think we can monitor the metrics such as CPU, memory, etc... and scale our cloud service via these
  metrics to keep the websockets working, refer to
  http://azure.microsoft.com/en-us/documentation/articles/cloud-services-how-to-scale/ for more information about how to scale a cloud service.
  Regards