API Authentication Flow

The SmartHub API authentication flow is as follows:

Identifier Forwarded to the API

  • An identifier is forwarded to the API
    • In the case of ADFS/token-based systems the identifier is a JWT token.
    • In the case of Windows authentication (NTLM or Kerberos) a challenge or ticket is negotiated between the browser and IIS and forwarded to SmartHub.

API Analyzes Token

  • The API parses the token and analyzes it according to the type of authentication configured in the Admin Panel.
    • In the case of ADFS/token-based systems the API uses the configured certificate (*.cer public key file) to validate the signature of the token.
    • In the case of Windows authentication it self-generates a token based on your Windows identity, signs it with a self-generated signing certificate, and re-triggers the request as if it had come from a token-based system.

Token Validated

  • Once the token is validated (lifetime claims, audience, issuer), the system converts it to a user context: the claims are stored internally in the user context, and the UPN claim is used as the user name identifier.
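
The token-based branch of the "API Analyzes Token" and "Token Validated" steps, as an added example in Go (not SmartHub's own code). It assumes RS256 tokens, the standard claim names iss, aud, exp, nbf and upn, an assumed UserContext shape, and a throwaway RSA key pair generated at run time: its public half stands in for the configured *.cer file, its private half for the identity provider's signing key. The issuer URL, audience and UPN are constructed sample values.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// UserContext is the internal user context the flow ends in: every claim is kept and
// the UPN claim is promoted to the user name identifier. Field names are assumed.
type UserContext struct {
	UserName string
	Claims   map[string]interface{}
}

type jwtHeader struct {
	Alg string `json:"alg"`
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// SignToken plays the identity provider so the example runs offline: it produces a
// compact RS256 (RSASSA-PKCS1-v1_5 over SHA-256) JWT. The API side only verifies.
func SignToken(claims map[string]interface{}, key *rsa.PrivateKey) (string, error) {
	h, _ := json.Marshal(jwtHeader{Alg: "RS256"})
	p, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	signingInput := b64(h) + "." + b64(p)
	digest := sha256.Sum256([]byte(signingInput))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64(sig), nil
}

// decodeJSON base64url-decodes one JWT segment and unmarshals it into v.
func decodeJSON(seg string, v interface{}) error {
	b, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// ValidateToken is the API side: verify the signature with the configured public key,
// then check lifetime, audience and issuer, then convert the claims to a UserContext.
func ValidateToken(token string, pub *rsa.PublicKey, issuer, audience string, now time.Time) (*UserContext, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var h jwtHeader
	if err := decodeJSON(parts[0], &h); err != nil {
		return nil, err
	}
	// The expected algorithm is fixed by configuration, never chosen by the token.
	if h.Alg != "RS256" {
		return nil, fmt.Errorf("unsupported alg %q", h.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("signature invalid")
	}
	var claims map[string]interface{}
	if err := decodeJSON(parts[1], &claims); err != nil {
		return nil, err
	}
	// Lifetime: exp/nbf are seconds since the epoch; encoding/json decodes them as float64.
	exp, ok := claims["exp"].(float64)
	if !ok || now.Unix() >= int64(exp) {
		return nil, errors.New("token expired or exp missing")
	}
	if nbf, ok := claims["nbf"].(float64); ok && now.Unix() < int64(nbf) {
		return nil, errors.New("token not yet valid")
	}
	if aud, _ := claims["aud"].(string); aud != audience {
		return nil, errors.New("audience mismatch")
	}
	if iss, _ := claims["iss"].(string); iss != issuer {
		return nil, errors.New("issuer mismatch")
	}
	upn, _ := claims["upn"].(string)
	if upn == "" {
		return nil, errors.New("upn claim missing")
	}
	return &UserContext{UserName: upn, Claims: claims}, nil
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048) // throwaway key standing in for the ADFS signing certificate
	iss, aud, now := "https://adfs.example.com/adfs/services/trust", "urn:smarthub-api", time.Now()
	claims := map[string]interface{}{"iss": iss, "aud": aud, "upn": "alice@example.com", // constructed values
		"nbf": now.Add(-time.Minute).Unix(), "exp": now.Add(time.Hour).Unix()}
	tok, _ := SignToken(claims, key)
	uc, err := ValidateToken(tok, &key.PublicKey, iss, aud, now)
	fmt.Println(uc, err)
}
```

The check order matters: the signature is verified before any claim is read, so an unsigned or foreign token never influences the lifetime, audience or issuer decision, and the accepted algorithm is pinned by configuration rather than read from the token header. The aud check accepts only the single-string form; tokens that carry aud as an array would need the comparison extended.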