Sunday, September 29, 2013

Active STS vs. Passive STS scenarios

Active STS

The relying party (i.e. the client application) is able to acquire the username and password, or some other means of authentication such as an X.509 certificate.

In the case of username/password, this usually means having a login page.

Those credentials are then sent to the STS via a web service call for authentication.

Passive STS

The relying party does not acquire credentials; the STS is responsible for that.

The request from the relying party to the STS is sent as an HTTP GET.
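
The passive request described above, as an added example that is not from the original post: the relying party redirects the browser to the STS with an HTTP GET that carries no credentials, and the STS checks that request before showing its own login page. It assumes the passive STS speaks WS-Federation (the post does not name the protocol); the endpoint, realm, reply URL, function names and credential parameter names are constructed for illustration.

```python
import secrets
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (assumptions, not from the original post).
STS_ENDPOINT = "https://sts.example.test/issue/wsfed"
# Realm -> reply URL, as the STS would hold them from RP registration.
REGISTERED_RPS = {"urn:example:rp": "https://rp.example.test/signin"}
CREDENTIAL_PARAMS = {"username", "password", "pwd"}


def build_passive_signin_url(realm, reply_url):
    """Relying-party side: build the GET redirect. Returns (url, wctx)."""
    wctx = secrets.token_urlsafe(16)  # RP keeps this in the session to match the response
    params = {
        "wa": "wsignin1.0",   # WS-Federation sign-in action
        "wtrealm": realm,     # identifies the relying party to the STS
        "wreply": reply_url,  # where the STS should send the token
        "wctx": wctx,
        "wct": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
    }
    return f"{STS_ENDPOINT}?{urlencode(params)}", wctx


def check_signin_request(url):
    """STS side: validate the GET before showing the STS's own login page."""
    parts = urlsplit(url)
    query = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if parts.scheme != "https":
        return False, "not https"
    if query.get("wa") != "wsignin1.0":
        return False, "not a sign-in request"
    # In the passive flow the RP never handles credentials, so none may
    # appear in the URL (they would also leak into logs and Referer headers).
    if CREDENTIAL_PARAMS & {k.lower() for k in query}:
        return False, "credentials in query string"
    registered = REGISTERED_RPS.get(query.get("wtrealm"))
    if registered is None:
        return False, "unknown realm"
    # Only return tokens to the reply URL registered for this realm.
    if query.get("wreply", registered) != registered:
        return False, "wreply not registered for realm"
    return True, "ok"


if __name__ == "__main__":
    url, _ = build_passive_signin_url("urn:example:rp", REGISTERED_RPS["urn:example:rp"])
    print(url, check_signin_request(url))
```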

