Program Flow at the Relying Party

With Federation Manager at the relying party, the .NET application can receive user information from Federation Manager. Program flow with Federation Manager at the relying party proceeds as follows:

  1. Federation Manager receives a SAML Assertion during request processing.
  2. Federation Manager creates the cookie with the latest user information.
  3. Federation Manager encrypts the cookie using a FIPS-compliant algorithm. The key used to encrypt the cookie is derived from a shared secret, communicated between Federation Manager and the application out of band.
  4. Federation Manager sends the encrypted open format cookie to the .NET application.
  5. The .NET application calls the .NET SDK to decrypt and process the cookie.
  6. The .NET application retrieves values for assertion attributes and principal attributes.
  7. The .NET application can determine whether the cookie is no longer valid by calling the isExpired() method, with or without specifying a skew time. The method compares the expiration time stamp on the cookie, plus the optional skew time, with the current GMT time. If the GMT time is greater, the cookie has expired. The cookie's expiration time stamp is set with the setTimeToLive() method when the cookie is created.
  8. The .NET application can also set URIs for AuthnContext and UserConsent.
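The cookie lifecycle above, as an added illustration that is not part of the Federation Manager SDK: a key derived from a constructed shared secret, a cookie stamped with a time-to-live, verification on the relying side before any attribute is trusted, and the isExpired() rule with and without skew. All function names are hypothetical, and HMAC authentication stands in for the product's FIPS-compliant encryption (it shows integrity checking, not confidentiality).

```python
import base64, hashlib, hmac, json, time

# Constructed shared secret; in the product it is exchanged out of band.
SHARED_SECRET = b"example-shared-secret-not-real"

def derive_key(shared_secret: bytes, salt: bytes = b"fm-cookie") -> bytes:
    """Derive the cookie key from the shared secret (PBKDF2-HMAC-SHA256, an
    assumed derivation; the page does not describe the product's own)."""
    return hashlib.pbkdf2_hmac("sha256", shared_secret, salt, 100_000, dklen=32)

def create_cookie(assertion_attrs, principal_attrs, ttl_seconds, now=None):
    """Asserting side: build the open-format cookie and stamp its expiration,
    the equivalent of calling setTimeToLive() at creation."""
    now = time.time() if now is None else now
    return {"assertion": assertion_attrs, "principal": principal_attrs,
            "expires": now + ttl_seconds}

def protect_cookie(cookie: dict, key: bytes) -> str:
    """Serialize and authenticate the cookie under the derived key (HMAC stands
    in for the product's encryption: integrity only, no confidentiality)."""
    body = base64.urlsafe_b64encode(json.dumps(cookie, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + tag

def open_cookie(token: str, key: bytes) -> dict:
    """Relying side: verify the tag before trusting any attribute in the cookie."""
    body, tag = token.rsplit(".", 1)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("cookie tag mismatch: wrong shared secret or tampered cookie")
    return json.loads(base64.urlsafe_b64decode(body))

def is_expired(cookie: dict, skew_seconds: float = 0.0, now=None) -> bool:
    """Mirror of the isExpired() rule: expired when the current GMT/UTC time
    exceeds the cookie's expiration time stamp plus the optional skew."""
    now = time.time() if now is None else now  # time.time() is UTC epoch seconds
    return now > cookie["expires"] + skew_seconds

def demo():
    """Issue a 300-second cookie, then check it 301 s later with and without skew."""
    key = derive_key(SHARED_SECRET)
    issued = 1_700_000_000  # constructed issue time (epoch seconds)
    token = protect_cookie(create_cookie({"Issuer": "idp.example"},
                                         {"uid": "alice"}, 300, now=issued), key)
    cookie = open_cookie(token, key)
    return (is_expired(cookie, now=issued + 301),
            is_expired(cookie, skew_seconds=60, now=issued + 301))
```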

The following diagram shows program flow at the relying party:

[Figure: illustration describing how the relying party operates]