Windows Identity Foundation (WIF) is a .NET framework for implementing claims-based identity. The following events occur during sign-in and sign-out:
- An unauthenticated user tries to browse to the RP and gets a redirect (HTTP 302 Found) to the STS to be authenticated (wsignin1.0 request)
- The browser performs a GET request to the STS to get authenticated (wsignin1.0 request)
- The user authenticates at the STS (for example with username/password); on successful authentication, the STS sends back a hidden form containing the token, which automatically POSTs back to the RP (wsignin1.0 response)
- The RP verifies the token received in the form POST and, if verification was successful, issues a session cookie; the user can then use the application (wsignin1.0 response)
- The user signs out: the browser performs a GET request to the STS to get signed out (wsignout1.0 request)
- All upstream STSs receive a sign-out request and respond; finally the RP receives a request telling it to delete the cached session state for the specified user (wsignoutcleanup1.0 request)
The Relying Party (RP) is the application that the user wants to access. If chained STSs are used, the requesting STS behaves as an RP towards the responding STS further up the chain.
The Security Token Server (STS) is the service that authenticates the user (for example by username/password) and issues a token with claims about the user.
If your text contains multiple messages, only the first will be decoded, and if it contains both GET and POST messages, only the POST message will be decoded. So be aware of what you paste in.
Both POST and GET requests/responses are decoded, that is wsignin1.0, wsignout1.0 and wsignoutcleanup1.0.
Official WS-Federation 1.2 specification.
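The flow above can be followed message by message with a small decoder. The following Python is an added example, not the page's own decoder and not WIF code: it takes a request URL and/or a POST body, classifies the message by its `wa` parameter (wsignin1.0, wsignout1.0, wsignoutcleanup1.0), tells a sign-in request from a sign-in response by the presence of `wresult`, and pulls the issued token out of the RequestSecurityTokenResponse. It mirrors the rule stated above that a POST body is decoded in preference to a query string. The host names, the `wctx` value, the assertion ID and the toy, unsigned RSTR are all constructed for the example; the WS-Trust 1.3 and SAML 2.0 namespaces are the real ones.

```python
"""Added example: decode WS-Federation passive-protocol messages.

Not part of the original page or any real decoder; sample messages are
constructed and the host names are placeholders.
"""
from urllib.parse import parse_qs, urlencode, urlsplit
import xml.etree.ElementTree as ET

# Namespaces found inside a wsignin1.0 response's wresult (WS-Trust 1.3 + SAML 2.0)
NS = {
    "t": "http://docs.oasis-open.org/ws-sx/ws-trust/200512",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Constructed: the RP redirects the browser to the STS (wsignin1.0 request, GET)
SIGNIN_REQUEST_URL = "https://sts.example.test/wsfed?" + urlencode({
    "wa": "wsignin1.0",
    "wtrealm": "https://rp.example.test/",
    "wctx": "rm=0&id=passive&ru=/",
    "wreply": "https://rp.example.test/",
})

# Constructed: toy RSTR the STS would place in the hidden form (no real signature)
_RSTR = (
    '<t:RequestSecurityTokenResponse xmlns:t="{t}">'
    '<t:RequestedSecurityToken>'
    '<saml:Assertion xmlns:saml="{saml}" ID="_abc123" Version="2.0">'
    '<saml:Issuer>https://sts.example.test/</saml:Issuer>'
    '</saml:Assertion>'
    '</t:RequestedSecurityToken>'
    '</t:RequestSecurityTokenResponse>'
).format(**NS)

# Constructed: body of the auto-submitting form POST to the RP (wsignin1.0 response)
SIGNIN_RESPONSE_BODY = urlencode(
    {"wa": "wsignin1.0", "wctx": "rm=0&id=passive&ru=/", "wresult": _RSTR}
)

# Constructed: the sign-out chain ends with a cleanup request to the RP
SIGNOUT_CLEANUP_URL = "https://rp.example.test/?wa=wsignoutcleanup1.0"


def decode_wsfed_message(url=None, body=None):
    """Classify one WS-Federation message given its request URL and/or POST body.

    When both a query string and a POST body are present, the POST body is the
    one decoded (the same preference the page states for its decoder).
    """
    if body:
        params = parse_qs(body, keep_blank_values=True)
        method = "POST"
    elif url:
        params = parse_qs(urlsplit(url).query, keep_blank_values=True)
        method = "GET"
    else:
        raise ValueError("no message supplied")
    # WS-Federation parameters appear once each; keep the single value
    params = {k: v[0] for k, v in params.items()}

    wa = params.get("wa")
    if wa not in ("wsignin1.0", "wsignout1.0", "wsignoutcleanup1.0"):
        raise ValueError(f"not a WS-Federation passive message: wa={wa!r}")

    # A sign-in message carrying wresult is the STS's response; everything else is a request
    direction = "response" if wa == "wsignin1.0" and "wresult" in params else "request"

    decoded = {"method": method, "wa": wa, "direction": direction, "params": params}
    if direction == "response":
        decoded["token"] = describe_token(params["wresult"])
    return decoded


def describe_token(wresult):
    """Pull the issued token out of the RSTR.

    This is decoding only: the RP still has to verify the token's signature,
    issuer, audience and lifetime before it issues a session cookie.
    """
    root = ET.fromstring(wresult)  # for untrusted input prefer defusedxml.ElementTree
    rst = root.find(".//t:RequestedSecurityToken", NS)
    if rst is None or len(rst) == 0:
        raise ValueError("RSTR carries no RequestedSecurityToken")
    token = rst[0]  # the issued token itself, here a SAML 2.0 Assertion
    issuer = token.find("saml:Issuer", NS)
    return {
        "type": token.tag,  # '{urn:oasis:names:tc:SAML:2.0:assertion}Assertion'
        "id": token.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
    }


if __name__ == "__main__":
    for msg in (
        decode_wsfed_message(url=SIGNIN_REQUEST_URL),
        decode_wsfed_message(url=SIGNIN_REQUEST_URL, body=SIGNIN_RESPONSE_BODY),
        decode_wsfed_message(url=SIGNOUT_CLEANUP_URL),
    ):
        print(msg["method"], msg["wa"], msg["direction"], msg.get("token"))
```

Run as a script it prints one line per sample message. The `wctx` round-trips intact (the RP's opaque context, which the STS must echo back unchanged), and `describe_token` deliberately stops at extraction, since whether the token is trustworthy is a separate verification step on the RP.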