Check other parts
In this part we will talk about federated identities. Suppose you have an application and you want identities from partner organization to authenticate using their identities. So you have a client from your partner organization trying to access your claims based application. Your corporate ADFS and the partner ADFS have trust between each others.
- First of all your ADFS should trust the partner ADFS.
- A user from the partner company tries to access you web application using his browser.
- Your claims based application will redirect the user’s browser to your corporate ADFS.
- Your corporate ADFS will try to do Rearm Discovery by giving you the option to choose from a list of rearms it support. The user will choose his company (the partner company) from the list, and his choice is saved as a cookie on his machine so that next time he would not be prompted to choose one.
- The ADFS then redirect the client to the partner ADFS, where the user authenticates and gets a security token that is signed. The client will get couple of cookies so he would not need to authenticate again to the partner ADFS.
- The partner’s ADFS will redirect the client to the corporate ADFS with the signed token.
- The corporate ADFS will validate the token signed by the partner’s ADFS and will issue a security token signed by the corporate ADFS along with couple of cookies so that the client will not need to authenticate again to the corporate ADFS.
- Client will be redirected to the application and presents the signed token it gets from the corporate ADFS.
- The claims based application will validate the token and allow access to the application and will send couple of cookies so that the client will not need to authenticate again to that web application.
Trust always travels from PARTNER ADFS >> CORPORATE ADFS >> APPLICATION