Question

I need additional clarification.

If I understood correctly from this link, Where Federation authentication token is saved [WIF STS]?, and other general WIF-STS discussions, the STS token is in the default scenario stored in a cookie in the browser. In my browser it is split into two cookies starting with FedAuth. That is OK. If I understood correctly, the cookie is created by WIF after STS token validation in the RolePlayer application. If that is the case, then the cookie is in the RolePlayer application's domain. When the user hits the RolePlayer2 application (which is in the federation and in a second domain), how does the STS know about that user, when it has no access to the created cookie?

Could you clarify this for me please?


Solution

Refer: AD FS 2.0: How to Use Fiddler Web Debugger to Analyze a WS-Federation Passive Sign-In

You'll see that the MSIS* cookies are used for ADFS, as opposed to the FedAuth cookies that are used for the application.

So you navigate to RolePlayer2, it redirects to ADFS, ADFS sees you already have a cookie (i.e. you have authenticated) and mints the FedAuth cookies for that domain/application without asking you to log in.
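The flow in the answer, as an added simulation that is not part of the original answer and not WIF or AD FS code: three hosts with a per-host browser cookie jar, so the FedAuth cookies that RolePlayer sets never reach RolePlayer2 or the STS, while the MSISAuth cookie the STS sets on its own host is what lets the second sign-in complete without a login prompt. The hostnames, the JSON token format, the HMAC standing in for the AD FS token-signing certificate, and the FedAuth contents (real WIF stores an encrypted session token, not a user name) are all assumptions made for the example; only the cookie names MSISAuth and FedAuth/FedAuth1 follow the real ones.

```python
"""Simulation of WS-Federation passive sign-in across two relying parties.

Added example, not code from the original post. Hostnames, token format and
the HMAC "signing certificate" are made up for illustration.
"""
import hashlib
import hmac
import json
import secrets

STS_SECRET = b"sts-signing-key"  # stands in for the AD FS token-signing cert (assumption)


class Browser:
    """Per-host cookie jar: a cookie set by one host is never sent to another host."""
    def __init__(self):
        self.jar = {}

    def cookies_for(self, host):
        return dict(self.jar.get(host, {}))

    def store(self, host, set_cookies):
        self.jar.setdefault(host, {}).update(set_cookies)


class Sts:
    """AD FS stand-in: keeps its own SSO session in an MSISAuth cookie on its own host."""
    host = "sts.example.com"

    def __init__(self, users):
        self.users, self.sessions = users, {}

    def signin(self, cookies, wtrealm, credentials=None):
        sid = cookies.get("MSISAuth")
        user = self.sessions.get(sid)
        if user is None:  # no STS session yet: require a login
            if credentials is None or self.users.get(credentials[0]) != credentials[1]:
                return {"status": "login_form"}
            user, sid = credentials[0], secrets.token_hex(8)
            self.sessions[sid] = user
        payload = json.dumps({"sub": user, "aud": wtrealm})
        sig = hmac.new(STS_SECRET, payload.encode(), hashlib.sha256).hexdigest()
        return {"status": "post_token", "wresult": payload + "." + sig,
                "set_cookies": {"MSISAuth": sid}}


class RelyingParty:
    """WIF-protected app: validates the STS token once, then relies on its own FedAuth cookies."""
    def __init__(self, host, sts):
        self.host, self.sts = host, sts
        self.cookie_key = secrets.token_bytes(16)  # stands in for the app's cookie protection key

    def _seal(self, user):
        """Split the protected session blob into FedAuth / FedAuth1 like WIF's chunked cookie."""
        tag = hmac.new(self.cookie_key, user.encode(), hashlib.sha256).hexdigest()
        blob = user + "|" + tag
        half = (len(blob) + 1) // 2
        return {"FedAuth": blob[:half], "FedAuth1": blob[half:]}

    def _open(self, cookies):
        blob = cookies.get("FedAuth", "") + cookies.get("FedAuth1", "")
        user, _, tag = blob.partition("|")
        expect = hmac.new(self.cookie_key, user.encode(), hashlib.sha256).hexdigest()
        return user if user and hmac.compare_digest(tag, expect) else None

    def handle(self, cookies, wresult=None):
        user = self._open(cookies)
        if user:
            return {"status": "page", "user": user}
        if wresult:  # token posted back from the STS: check signature and audience
            payload, _, sig = wresult.rpartition(".")
            expect = hmac.new(STS_SECRET, payload.encode(), hashlib.sha256).hexdigest()
            claims = json.loads(payload)
            if hmac.compare_digest(sig, expect) and claims["aud"] == self.host:
                return {"status": "page", "user": claims["sub"],
                        "set_cookies": self._seal(claims["sub"])}
            return {"status": "forbidden"}
        return {"status": "redirect", "wtrealm": self.host}


def visit(browser, rp, credentials=None):
    """Drive app -> STS -> app. Returns (user, whether a login form was shown)."""
    sts = rp.sts
    r = rp.handle(browser.cookies_for(rp.host))
    if r["status"] == "page":
        return r["user"], False
    s = sts.signin(browser.cookies_for(sts.host), r["wtrealm"])
    prompted = s["status"] == "login_form"
    if prompted:
        if credentials is None:
            return None, True
        s = sts.signin(browser.cookies_for(sts.host), r["wtrealm"], credentials)
        if s["status"] == "login_form":
            return None, True
    browser.store(sts.host, s["set_cookies"])
    r = rp.handle(browser.cookies_for(rp.host), wresult=s["wresult"])
    if r["status"] != "page":
        return None, prompted
    browser.store(rp.host, r["set_cookies"])
    return r["user"], prompted


def demo():
    sts = Sts({"alice": "pw"})
    rp1, rp2 = RelyingParty("rp1.example.com", sts), RelyingParty("rp2.example.com", sts)
    b = Browser()
    first = visit(b, rp1, ("alice", "pw"))   # login form shown once, at the STS
    second = visit(b, rp2)                   # no prompt: MSISAuth on the STS host does SSO
    return first, second, b


if __name__ == "__main__":
    print(demo()[:2])
```

Running the demo shows the point of the answer: RolePlayer2 never sees RolePlayer's FedAuth cookies, but when it redirects to the STS the browser attaches the MSISAuth cookie for the STS host, so the STS can issue a token for the second realm and RolePlayer2 mints its own FedAuth cookies.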

Licensed under: CC-BY-SA with attribution