.NET Integration Kit

Overview of the SSO flow

With the .NET Integration Kit, PingFederate exchanges user attributes with your .NET application through an OpenToken token.

The following figure shows a basic identity-provider (IdP)-intiated single sign-on (SSO) scenario in which PingFederate federation servers using the .NET Integration Kit exist on both sides of the identity federation:

bco1563995493632

Description

  1. A user initiates an SSO transaction.

  2. The IdP application inserts user attributes into the agent toolkit for .NET, which encrypts the data internally and generates an OpenToken token.

  3. A request containing the OpenToken is redirected to the PingFederate IdP server.

  4. The server invokes the OpenToken IdP Adapter, which retrieves the OpenToken, decrypts, parses, and passes the user attributes to the PingFederate IdP server. The PingFederate IdP server then generates a SAML assertion.

  5. The SAML assertion is sent to the SP site.

  6. The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The adapter encrypts the data internally and generates an OpenToken.

  7. A request containing the OpenToken is redirected to the SP application.

  8. The Agent Toolkit for .NET decrypts and parses the OpenToken and makes the user attributes available to the SP Application.