This document describe how developers should configure and use the Atomia Identity Security Token Service (STS) from their applications.
Atomia Identity (STS) authentication architecture
Image: Identity authentication architecture.
By looking at the image above we could distinguish two different Authentication paths:
- Authenticating user to use web application (steps 1, 2, 3, 4) – To be able to use the web application user must authenticate to the STS, providing the username and password. Then the user gets the SAML token key containing the set of claims those identify the user to the Web Application.
- Authenticating web application to use WCF service (with identity delegation) (steps 6, 7, 3, 8) – In order to use the WCF service through the web application, web application needs to delegate user’s credentials to the STS by providing the user’s token (given to the user in the previous iteration) and its certificate. Then the WCF service has the identity information about the logged user and its delegate (web application).