The diagram that follows depicts, in simplified form, how authentication and authorization take place. This scenario assumes that the browser is a brand-new browser process; that is, no cookies from a previous session are active or stored.
The following steps briefly describe requesting secured resources from two applications that share the same LTPA signers:
1. A user, through a browser BR, requests a page from EAi. The request does not include any session-related cookies.
2. The environment in which EAi is hosted receives the request and determines that BR must authenticate and, upon successfully doing so, must include the corresponding credentials to access the resource hosted by EAi.
3. EAi answers BR's request by asking for a validation token. BR might be redirected to a generic authentication form, and it is assumed that the user would successfully enter the required information and would receive...