Sunday, February 27, 2011

STS General Practice

Hi,

Today we will take a fifty-thousand-foot view of how an STS works in general.

STS means Security Token Service. First, let's look at the issue we are trying to solve here.

Issue: We have a number of services, e.g. a web page or a web service, which need user authentication as well as user authorization. We have another system which possesses the user's data, including his credentials and his roles. What we are looking for is a solution to bridge these two systems, i.e. our service needs to consume the data from the authentication system so that it can serve each request from the user with respect to the permissions given by the authentication system.


We have three important modules in this system:
1. The service which will be consumed by the user
2. The Authentication and Authorization (AA) system
3. The token system, whose tokens are tamper-proof, generated by the AA system and consumed by the service


The key thing here is the token itself, which carries a signature from the AA system.
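
The three modules above as an added sketch (not code from the original post): the AA system issues a signed token, and the service checks the signature before it trusts the roles inside. It assumes an HMAC-SHA256 tag over a shared demo key as a stand-in for the AA system's signature; the function names, claim names and key are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import time

# Assumption: a constructed demo key shared by the AA system and the service.
# A production STS would normally sign with a private key instead.
AA_SIGNING_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()


def _sign(body: str) -> bytes:
    return hmac.new(AA_SIGNING_KEY, body.encode(), hashlib.sha256).digest()


def issue_token(user: str, roles: list, ttl: int = 300, now: float = None) -> str:
    """AA system: after authenticating the user, emit signed claims."""
    now = time.time() if now is None else now
    claims = {"sub": user, "roles": roles, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return body + "." + _b64(_sign(body))


def verify_token(token: str, now: float = None):
    """Service: return the claims, or None if tampered, malformed or expired."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        supplied = base64.urlsafe_b64decode(sig)
        # Check the signature before parsing or trusting any claim.
        if not hmac.compare_digest(supplied, _sign(body)):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None
    return claims if claims["exp"] > now else None


def is_authorized(token: str, required_role: str, now: float = None) -> bool:
    """Service: authorize the request from the verified roles only."""
    claims = verify_token(token, now)
    return claims is not None and required_role in claims["roles"]
```

The service never contacts the AA system per request; it only needs the verification key, which is why the signature check has to come before any use of the claims.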