Scenario 1: Federated authentication: TotalAgility on-premise and AD

The following diagram describes claims-based authentication where TotalAgility on-premise uses federated security to authenticate with a local on-premise installation of Windows Server AD FS 2.0.

Claims-based authentication: TotalAgility on-premise and AD

1. The Client logs in to the domain (Windows Server AD) with a username and password, and Windows Server AD gets the Kerberos ticket.

2. The Client accesses TotalAgility.

3. Windows Server AD presents the Kerberos ticket to AD FS 2.0 and requests a token.

4. Windows Server AD finds the claims required by TotalAgility and creates a token.

5. Windows Server AD with AD FS 2.0 provides the STS (security token service), which authenticates the Client and returns the claims token.

6. Windows Server AD submits the token to TotalAgility (the relying party) via the Client.

7. TotalAgility uses the token issued by the STS and extracts the claims from it.