Scenario 4: Federated authentication: TotalAgility on-premise with partner AD

The following diagram describes claims-based authentication where TotalAgility on-premise uses federated security to authenticate with a local on-premise federated provider (such as AD FS) that itself federates to a remote partner installation of Windows Server AD FS 2.0.

Claims-based authentication - TotalAgility on-premise with partner AD

1. The Client accesses remote TotalAgility, and Windows Server AD learns which STSs it trusts.

2. Windows Server AD accesses the remote on-premise STS and learns which STSs it trusts.

3. Windows Server AD with AD FS 2.0 provides the STS that authenticates the Client and returns a token.

4. Windows Server AD requests the FP token for TotalAgility.

5. Windows Server AD and the Federated Provider STS issue the FP token for TotalAgility.

6. Windows Server AD submits the FP token to TotalAgility via the Client.

7. TotalAgility uses the token issued by the STS and extracts the claims from the token.
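
The trust checks behind steps three to seven, as an added Python sketch that is not Kofax or Microsoft code: the partner STS token is accepted only by the federated provider (FP) STS, which issues a new token scoped to TotalAgility, and TotalAgility accepts only tokens from the FP STS. Assumptions: HMAC keys stand in for the X.509 signatures on real SAML tokens, and the URLs, key values, claim names and claim filter are constructed for illustration.

```python
import hashlib
import hmac
import json
import time

# Constructed values (assumptions): real AD FS tokens are SAML assertions signed
# with X.509 certificates; shared HMAC keys keep this sketch short.
PARTNER_STS = "https://partner.example/adfs"
FP_STS = "https://local.example/adfs"
TOTALAGILITY = "https://local.example/TotalAgility"
KEYS = {PARTNER_STS: b"partner-signing-key", FP_STS: b"fp-signing-key"}


def issue(issuer, audience, claims, ttl=300, now=None):
    """Return (body, signature) for a token from `issuer` scoped to `audience`."""
    now = time.time() if now is None else now
    body = json.dumps({"iss": issuer, "aud": audience, "exp": now + ttl,
                       "claims": claims}, sort_keys=True).encode()
    sig = hmac.new(KEYS[issuer], body, hashlib.sha256).hexdigest()
    return body, sig


def validate(token, trusted_issuers, audience, now=None):
    """Check issuer trust, signature, audience and expiry; return the claims."""
    body, sig = token
    data = json.loads(body)
    if data.get("iss") not in trusted_issuers:
        raise ValueError("untrusted issuer")
    expected = hmac.new(KEYS[data["iss"]], body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        raise ValueError("bad signature")
    if data["aud"] != audience:
        raise ValueError("wrong audience")
    if data["exp"] <= (time.time() if now is None else now):
        raise ValueError("expired")
    return data["claims"]


def federation_provider_exchange(partner_token):
    """Steps four and five: FP STS validates the partner token, issues the FP token."""
    claims = validate(partner_token, {PARTNER_STS}, FP_STS)
    # Forward only the claim types the relying party needs (assumed rule).
    allowed = {k: v for k, v in claims.items() if k in {"upn", "role"}}
    return issue(FP_STS, TOTALAGILITY, allowed)


def totalagility_accept(fp_token):
    """Step seven: the relying party trusts only the FP STS, then reads the claims."""
    return validate(fp_token, {FP_STS}, TOTALAGILITY)
```

Because each hop checks both issuer and audience, a partner token presented directly to the relying party fails, as does an FP token whose claims were altered in transit.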