I would like to check my understanding of the authentication interaction between a Browser, an Application, IdentityServer and ADFS 3.0 for a federated authentication scenario.
I created the sequence diagram below after some googling and reviewing logs in Identity Server.
It seems straightforward up to step 7, but I believe I may be missing or confusing the interaction that takes place after that between IdentityServer and ADFS 3.0. For example, I can see an IdentityServer log entry that states:
Callback invoked from external identity provider
This line would seem to imply direct interaction between ADFS and IdentityServer and contradict step #9 in my diagram. So, does the browser forward the ADFS token to IdentityServer as in step #9 in my diagram, or does ADFS send the token directly to IdentityServer? If the latter, where would that occur in the sequence?
Any insight would be very much appreciated!
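The front-channel exchange the question is about, as an added simulation that is not part of the original post: IdentityServer redirects the browser to ADFS, ADFS hands the signed token back to the browser as an auto-submitting form, and the browser POSTs it to IdentityServer's callback endpoint, where the quoted log line is written and the state, signature and audience are checked. The hostnames, callback path and HMAC stand-in for ADFS's token signature are assumptions.

```python
import base64, hashlib, hmac, json, secrets

# Constructed values; hostnames, paths and the signing key are assumptions for this simulation.
ADFS_SIGNING_KEY = b"constructed-adfs-signing-key"          # stand-in for ADFS's token-signing cert
ADFS_ENDPOINT = "https://adfs.example.test/adfs/ls"
IDSRV_CALLBACK = "https://idsrv.example.test/core/callback"  # the wreply IdentityServer hands out
SIG_LEN = hashlib.sha256().digest_size

def idsrv_start_external_login():
    """IdentityServer: remember a per-request state (wctx) and redirect the
    browser to ADFS, naming its own callback endpoint as wreply."""
    state = secrets.token_urlsafe(16)
    return state, {"location": ADFS_ENDPOINT, "wreply": IDSRV_CALLBACK, "wctx": state}

def adfs_issue_token(redirect, user):
    """ADFS: authenticate the user, then give the browser an auto-submitting form.
    ADFS does not call IdentityServer; the signed token travels inside the browser."""
    claims = json.dumps({"sub": user, "aud": redirect["wreply"]}).encode()
    sig = hmac.new(ADFS_SIGNING_KEY, claims, hashlib.sha256).digest()  # stand-in for the XML signature
    return {"post_to": redirect["wreply"], "wresult": base64.b64encode(claims + sig).decode(),
            "wctx": redirect["wctx"]}

def idsrv_callback(form, expected_state, log):
    """IdentityServer callback endpoint, reached only because the browser POSTed the
    form. Validates wctx, signature and audience before issuing a local session."""
    log.append("Callback invoked from external identity provider")
    if not hmac.compare_digest(form["wctx"], expected_state):
        return None                                   # stale or unsolicited round trip
    raw = base64.b64decode(form["wresult"])
    claims, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
    expected = hmac.new(ADFS_SIGNING_KEY, claims, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None                                   # token was not signed by ADFS
    payload = json.loads(claims)
    if payload.get("aud") != IDSRV_CALLBACK:
        return None                                   # token was issued for a different relying party
    return payload["sub"]

def simulate(user="alice", tamper=False):
    """Drive the three actors in order; every hop passes through the browser."""
    log = []
    state, redirect = idsrv_start_external_login()    # browser -> IdentityServer -> (redirect)
    form = adfs_issue_token(redirect, user)           # browser -> ADFS -> (auto-POST form)
    if tamper:                                        # a token ADFS never signed must be rejected
        form["wresult"] = base64.b64encode(b'{"sub": "mallory"}' + b"\0" * SIG_LEN).decode()
    subject = idsrv_callback(form, state, log)        # browser -> IdentityServer callback
    return subject, log
```

`simulate()` returns the authenticated subject together with the callback log, so the log line appears exactly once per browser POST to the callback, never from an ADFS-to-IdentityServer call.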