API Authentication Flow

The SmartHub API authentication flow is as follows:

Identifier Forwarded to the API

  • An identifier is forwarded to the API
    • In the case of ADFS/token-based systems, the identifier is a JWT (JSON Web Token).
    • In the case of Windows authentication (NTLM or Kerberos), a challenge or ticket is negotiated between the browser and IIS and then forwarded to SmartHub.

API Analyzes Token

  • The API breaks apart the token and analyzes it depending on the type of authentication configured in the Admin Panel.
    • In the case of ADFS/token-based systems the API uses the configured certificate (*.cer public key file) to validate the signature of the token.
    • In the case of Windows authentication, the API generates its own token from your Windows identity, signs it with the configured signing certificate (*.pfx private key file), and re-runs the request as if it had arrived from a token-based system.

Token Validated

  • Once the token is validated (only the signature and the lifetime claims, not-before and expires-at, are checked), the system converts it into a user context: the token's claims are saved in the context and the UPN claim is used as the username identifier.
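The two branches above (the Windows-authentication branch that mints and signs its own JWT with the *.pfx private key, and the token branch that splits the JWT, verifies the signature against the *.cer public key, checks only not-before and expires-at, and turns the claims into a user context keyed by UPN) as one runnable model. This is an added example, not SmartHub code: it uses only the Python standard library, so a small RSA key pair generated at runtime stands in for the configured certificate files, and the claim names (upn, nbf, exp), the pinning of the alg header to RS256, and rejecting a token with no upn claim are assumptions of this example, not statements from the page.

```python
import base64, hashlib, hmac, json, random, time

# base64url without padding (RFC 7515 section 2)
def b64url_encode(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

# Toy RSA key pair standing in for the configured *.pfx (d) and *.cer (n, e).
def _is_probable_prime(n, rounds=24):
    """Miller-Rabin; fine for an illustrative key, not for production use."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def generate_toy_rsa(bits=512):
    """Returns (n, e, d). 512 bits keeps the demo fast; far too small for real use."""
    e, half = 65537, bits // 2
    while True:
        p = random.getrandbits(half) | (1 << (half - 1)) | 1
        q = random.getrandbits(half) | (1 << (half - 1)) | 1
        if p != q and _is_probable_prime(p) and _is_probable_prime(q):
            phi = (p - 1) * (q - 1)
            if phi % e:
                return p * q, e, pow(e, -1, phi)

# EMSA-PKCS1-v1_5 encoding of a SHA-256 digest (RFC 8017 section 9.2), as used by RS256
_SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")

def _emsa_pkcs1_v15(msg, k):
    t = _SHA256_DIGESTINFO + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_rs256(signing_input, n, d):
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(_emsa_pkcs1_v15(signing_input, k), "big"), d, n).to_bytes(k, "big")

def verify_rs256(signing_input, sig, n, e):
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return False
    m = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return hmac.compare_digest(m, _emsa_pkcs1_v15(signing_input, k))

class TokenRejected(Exception):
    pass

def issue_token(claims, n, d):
    """Windows-auth branch: mint a JWT from the Windows identity, signed with the private key."""
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    sig = sign_rs256(f"{header}.{payload}".encode("ascii"), n, d)
    return f"{header}.{payload}.{b64url_encode(sig)}"

def validate_token(token, n, e, now=None):
    """Token branch: split the JWT, verify the signature with the public key, then check
    only the lifetime claims (nbf, exp). Returns a user context: all claims plus the
    username taken from the 'upn' claim."""
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenRejected("malformed token: expected header.payload.signature")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    if header.get("alg") != "RS256":  # assumption: alg pinned to the configured key type
        raise TokenRejected("unexpected alg %r" % header.get("alg"))
    if not verify_rs256(f"{header_b64}.{payload_b64}".encode("ascii"), b64url_decode(sig_b64), n, e):
        raise TokenRejected("signature does not verify against the configured certificate")
    claims = json.loads(b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if "nbf" in claims and now < claims["nbf"]:
        raise TokenRejected("token not yet valid (nbf)")
    if "exp" in claims and now >= claims["exp"]:
        raise TokenRejected("token expired (exp)")
    if "upn" not in claims:  # assumption: a token with no UPN cannot name a user
        raise TokenRejected("no upn claim to use as the username")
    return {"username": claims["upn"], "claims": claims}

def _outcome(fn):
    try:
        fn()
        return "accepted"
    except TokenRejected as exc:
        return "rejected: " + str(exc)

def demo():
    """Runs both branches against constructed claims and returns each outcome."""
    random.seed(7)  # deterministic toy keys for the demo
    n, e, d = generate_toy_rsa()
    now = 1_700_000_000
    claims = {"upn": "alice@corp.example", "nbf": now - 60, "exp": now + 3600}  # constructed
    good = issue_token(claims, n, d)
    h, p, s = good.split(".")
    altered = b64url_encode(json.dumps(dict(claims, upn="bob@corp.example")).encode())
    other_n, other_e, _ = generate_toy_rsa()  # a certificate that is not the configured one
    return {
        "username": validate_token(good, n, e, now=now)["username"],
        "altered_payload": _outcome(lambda: validate_token(f"{h}.{altered}.{s}", n, e, now=now)),
        "wrong_certificate": _outcome(lambda: validate_token(good, other_n, other_e, now=now)),
        "expired": _outcome(lambda: validate_token(good, n, e, now=now + 7200)),
        "not_yet_valid": _outcome(lambda: validate_token(good, n, e, now=now - 120)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block prints one line per case: the well-formed token yields the username alice@corp.example, while a payload edited after signing, a token signed by some other key, an expired token and a not-yet-valid token are all rejected before any user context is built. Note that, matching the page's description, nothing here checks issuer or audience claims; a deployment relying on this flow is trusting the configured certificate alone to decide which tokens are acceptable.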