ADFS Authentication with Office 365

  1. User go to an Office 365 url
  2. User is redirected to Microsoft Federation Gateway (login.microsoftonline.com)
  3. User enter his UPN
  4. UPN is recognized by the MFG as a federated domain
  5. User is redirected to the ADFS Server
  6. User use his Kerberos TGT (Ticket Granted Ticket) ticket to authenticate
  7. ADFS send the TGT ticket to the domain controller
  8. ADFS receive a Service Ticket telling who is the user
  9. ADFS use the Service Ticket to query Active Directory for user attribute (UPN, First Name, Last Name, etc.)
  10.  ADFS build a SAML token with user attribute
  11. ADFS server post this SAML token via User browser to MFG
  12. MFG verifies the SAML token signature to validate that is the right ADFS server
  13. MFG create his own SAML token (UPN is inside)
  14. The MFG SMLA token is post back to Office 365 platform using the user browser
  15. Office 365 look for an account with the user UPN
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s