You can see the request and Response below In the response, the Client receives a Web ticket URL, which provides the location of the WebTicketService. We are here trying to discover a specific users home pool, hence the request will go to the “User” URL. The client then sends a request to the user URL. (I haven't included the TCP and TLS handshake screen shots here, you can see those if you collect a Network trace while signing in) It then tries to Do a TCP handshake with, Followed by a TLS handshake. (This is the External webservices URL for autodiscover on the ON Premise SFB environment) The SFB Client learns that it needs to Contact
#SIGN IN TO SKYPE ONLINE CODE#
The response code for this request will be '200 ok' and in the response we should receive the external webservices URL for autodiscover.
Whenever a user enters his SIP URI to sign in the SFB client forms an autodiscover URL using the domain name that it extracts from the users SIP URI to start the discovery process and then it sends an Unauthenticated Get request to the URL,. When a SFB client wants to Sign in, It needs to know where it can send its request to be able to Sign in. The SFB client can now send a Register again and use the certificate it downloaded for authenticationīelow is a graphical representation of the SFB online Client Sign in process
The client will submit the same webticket obtained in step 23 to the Cert provisioning service The Client had already Obtained a webticket in step 23 above Here again the Client is challenged for authentication and is redirected to webticket service to get Webticket The SFB client then sends a request to Certprov
It is then challenged for authentication again, here the ONLY supported method of authentication is TLS-DSK, The client is provided a Cert provisioning URL ( The SFB client now sends a SIP register to the Online Edge pool (" port="443) In Response Autodiscover will provide the Pool names (" port="443) where the client can send Register to Sign in Webticket service now will grant a Webticket to the Client The Client then submits this token that it received from to Webticket Service will now issue the Modern Auth Token to the client The Client then submits this token to which in turn passes the client to
#SIGN IN TO SKYPE ONLINE PASSWORD#
The Client may receive a Password prompt (or previously saved password from credential manager is passed) and once the correct password is provided, ADFS will issue a Token to the client SFB client will then send a request to ADFS server and request a token Since the tenant is enabled for ADFS the client is then redirected to the ON Premise ADFS server Now in order to authenticate the client reaches out to and requests a Token, The intention here is to Get a Token from įrom this point onwards we will see that will redirect the client to Webticket Service Redirects the Client to Modern Auth Provider () Since the SFB user is homed Online, In Response Autodiscover will provide the Online Autodiscover webservices URL's names ( The client then submits this webticket to Autodiscover Once the password is provided, Webticket service will issue a Webticket to the client. The Client may receive a Password prompt (or previously saved password from credential manager is passed) Here the Client has to Authenticate (NTLM). The Client then sends a POST request to Webticket Service The Client is then challenged and is provided the URL for Webticket service where it can request a Webticket SFB Client then sends a Request to Autodiscover to discover its pool for sign in. The Client is then redirected to Autodiscover SFB Client then sends a unauthenticated GET request to This should point to External web services URL (ON Premise Reverse Proxy) which in this case is SIP URI of the user - client Queries DNS for. My intention here is to explain what happens in the background when a SFB client signs in so that it helps engineers and customers troubleshooting issues related to Sign in and Authentication.ĭetailed Explanation of SFB online Client Sign in process with LOG Snippets: may not be standard terminology, I use them solely to make the understanding simpler. Some of the terms I use to describe things like Modern Auth provider, O365 AD, Org ID etc. I have tried my best to ensure the information below is accurate. SFB Hybrid environment, SFB user is homed Online, ADFS is Configured, MA (Modern Auth) is Disabled ON premise but is Enabled in O365 First published on TECHNET on Apr 13, 2018
0 kommentar(er)
