Context and Basic Workflow – HID Microsoft ADFS and ActivID AS using SAML User Manual

ActivID Appliance 7.2 and AD FS | integration Handbook | ADFS
External Release | © 2013 HID Global Corporation/ASSA ABLOY AB. All rights reserved.
2.0 Context and Basic Workflow
In the context of the ActivID Appliance, ADFS is a Service Provider (SP) and ActivID® Appliance is an Identity
Provider (IDP) using SAMLv2.0.
For complete details, please have the ActivID Appliance Identity Provider Solution Guide handy for quick
reference.
Consider the following typical (generic) scenario. Please refer to the following diagram.
• Steps 1 and 2: The user’s web browser tries to access the web server and is redirected to the AD FS-R
(proxy) server to authenticate the user.
• Steps 3 and 4: The AD FS-R server, after determining which identity partner the user should access,
redirects the browser to the ActivID Appliance IDP.
• Steps 5 and 6: At the ActivID Appliance, the user is authenticated, given a SAML token, and redirected
back to the ADFS-R server.
• Steps 7 and 8: Once back at the ADFS-R server, the SAML token is exchanged for a token that the web
server understands and then the user is redirected back to the web server.
• Steps 9 and 10: Finally, once the user’s web browser presents the appropriate token (cookie), the web server
allows the user access to the content.
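
Added example, not taken from the HID handbook: assuming the redirect in Steps 3 and 4 uses the SAML 2.0 HTTP-Redirect binding, this Python code shows how the AuthnRequest travels in the redirect URL and how to decode it to confirm the Issuer and Destination when troubleshooting the integration. The host names, entity ID, SSO URL and request ID are constructed sample values.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlparse

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample values (assumptions, not taken from the handbook).
SP_ENTITY_ID = "http://adfs.example.test/adfs/services/trust"
IDP_SSO_URL = "https://idp.example.test/sso"
SAMPLE_REQUEST = (
    f'<samlp:AuthnRequest xmlns:samlp="{NS["samlp"]}" xmlns:saml="{NS["saml"]}" '
    'ID="_constructed1" Version="2.0" IssueInstant="2013-01-01T00:00:00Z" '
    f'Destination="{IDP_SSO_URL}"><saml:Issuer>{SP_ENTITY_ID}</saml:Issuer>'
    '</samlp:AuthnRequest>')
MAX_XML = 64 * 1024  # cap on inflated size, guards against decompression bombs


def build_redirect(xml, sso_url, relay_state):
    """SP side (steps 3 and 4): raw DEFLATE, base64, then URL-encode."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)  # -15 = no zlib header
    deflated = comp.compress(xml.encode("utf-8")) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode("ascii"),
                       "RelayState": relay_state})
    return f"{sso_url}?{query}"


def inspect_redirect(url, expected_issuer, expected_destination):
    """Receiving or troubleshooting side: decode the request and check it."""
    params = parse_qs(urlparse(url).query)
    raw = base64.b64decode(params["SAMLRequest"][0], validate=True)
    inflater = zlib.decompressobj(-15)
    xml = inflater.decompress(raw, MAX_XML)
    if inflater.unconsumed_tail:
        raise ValueError("SAMLRequest inflates beyond the size cap")
    root = ET.fromstring(xml)  # consider defusedxml for untrusted input
    issuer = (root.findtext("saml:Issuer", namespaces=NS) or "").strip()
    problems = []
    if root.tag != "{%s}AuthnRequest" % NS["samlp"]:
        problems.append("not a SAML 2.0 AuthnRequest")
    if issuer != expected_issuer:
        problems.append("unexpected Issuer: %r" % issuer)
    if root.get("Destination") != expected_destination:
        problems.append("Destination does not match the IdP endpoint")
    return {"id": root.get("ID"), "issuer": issuer,
            "relay_state": params.get("RelayState", [""])[0],
            "problems": problems}
```

An empty `problems` list means the decoded request names the expected Service Provider and was addressed to the expected Identity Provider endpoint.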