Page created: 24 Jul 2019 | Page updated: 8 Feb 2022
With the .NET Integration Kit, PingFederate exchanges user attributes with your .NET application through an OpenToken token.
The following figure shows a basic identity-provider (IdP)-initiated single sign-on (SSO) scenario in which PingFederate federation servers using the .NET Integration Kit exist on both sides of the identity federation:
Description
- A user initiates an SSO transaction.
- The IdP application inserts user attributes into the Agent Toolkit for .NET, which encrypts the data internally and generates an OpenToken token.
- A request containing the OpenToken is redirected to the PingFederate IdP server.
- The server invokes the OpenToken IdP Adapter, which retrieves the OpenToken, decrypts and parses it, and passes the user attributes to the PingFederate IdP server. The PingFederate IdP server then generates a SAML assertion.
- The SAML assertion is sent to the SP site.
- The PingFederate SP server parses the SAML assertion and passes the user attributes to the OpenToken SP Adapter. The adapter encrypts the data internally and generates an OpenToken.
- A request containing the OpenToken is redirected to the SP application.
- The Agent Toolkit for .NET decrypts and parses the OpenToken and makes the user attributes available to the SP application.