2.2.6.3 Federated Authentication Token
Stream Name:
    FEDAUTH
Stream Function:
An authentication token for federated authentication.<16>
Stream Comments:
Packet header type 0x08.
This stream contains the client’s federated authentication token, generated by a client library that is supported by the server, and any other information, as laid out in the rules for the particular bFedAuthLibrary that is indicated in the FEDAUTH FeatureExt in the Login message.
The server MUST respond with a Login Response message or an error.
Stream-Specific Rules:
    DataLen      = DWORD
    FedAuthToken = L_VARBYTE
    Nonce        = 32BYTE
Stream Definition:
The stream is defined based on the bFedAuthLibrary that is used in the Login message FEDAUTH FeatureExt. This message MUST NOT be sent for any values of bFedAuthLibrary that are not listed in this section.
When bFedAuthLibrary is Azure Active Directory Authentication Library (ADAL) [that is, 0x02]:
    FEDAUTH = DataLen FedAuthToken [Nonce]
Stream Parameter Details

| Parameter | Description |
|---|---|
| DataLen | The total length of the data in the Federated Authentication Token message that follows this field. DataLen does not include the size that is used for the DataLen field itself. |
| FedAuthToken | Contains the federated authentication token data that is generated by the federated authentication library. The federated authentication library that is used to generate the token MUST be the same library that is specified as bFedAuthLibrary in the client’s Login FEDAUTH FeatureExt message. |
| Nonce | The nonce, if provided by the server during the pre-login exchange, that is echoed back to the server by the client. If the server provided a nonce in the pre-login exchange, the client MUST echo the nonce back to the server in this field. If the server did not provide a nonce to the client in the pre-login exchange, this field MUST NOT be included in the stream. |
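
The length and nonce rules above can be enforced mechanically by a receiver. The following Python sketch is an added example, not part of the specification or of any product's code; `parse_fedauth`, `build_fedauth` and `FedAuthError` are hypothetical names, and it assumes that DWORD and the L_VARBYTE length prefix are 4-byte little-endian values, as defined elsewhere in TDS rather than in this section.

```python
import hmac
import struct
from typing import Optional

NONCE_LEN = 32  # Nonce = 32BYTE


class FedAuthError(ValueError):
    """Raised when a FEDAUTH token stream violates the layout rules."""


def parse_fedauth(payload: bytes, prelogin_nonce: Optional[bytes] = None) -> bytes:
    """Parse DataLen FedAuthToken [Nonce] and return the token bytes.

    payload is the message body after the TDS packet header (type 0x08).
    prelogin_nonce is the nonce the server sent in pre-login, or None.
    Assumption: both length fields are 4-byte little-endian integers.
    """
    if len(payload) < 8:
        raise FedAuthError("truncated: need DataLen and token length")
    data_len, token_len = struct.unpack_from("<II", payload, 0)
    # DataLen counts everything that follows it, excluding its own 4 bytes.
    if data_len != len(payload) - 4:
        raise FedAuthError("DataLen does not match bytes received")
    # After the token's length prefix and data, only 0 or 32 bytes may remain.
    rest = data_len - 4 - token_len
    if rest not in (0, NONCE_LEN):
        raise FedAuthError("token length inconsistent with DataLen")
    token = payload[8:8 + token_len]
    nonce = payload[8 + token_len:] if rest else None
    if prelogin_nonce is None:
        # No nonce was issued, so the field MUST NOT be in the stream.
        if nonce is not None:
            raise FedAuthError("Nonce present but none was issued")
    elif nonce is None or not hmac.compare_digest(nonce, prelogin_nonce):
        # A nonce was issued, so it MUST be echoed back unchanged.
        raise FedAuthError("Nonce missing or not echoed correctly")
    return token


def build_fedauth(token: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Encoder for constructed sample messages used to exercise the parser."""
    body = struct.pack("<I", len(token)) + token + (nonce or b"")
    return struct.pack("<I", len(body)) + body
```
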