When a user initiates a user session by using a browser to log in to a web-based application, the events in the following illustration occur. The accompanying text describes the process.
The user’s browser sends an HTTP request to the protected resource.
The policy agent inspects the user’s request and finds no session token.
The policy agent contacts the configured authentication URL.
In this example, the authentication URL it is set to the URL of the Distributed Authentication User Interface Service.
The browser sends a GET request to the Distributed Authentication User Interface.
The Session Service creates a new session (session data structure) and generates a session token. The session token is a randomly-generated string that represents the user.
The Authentication Service sets the session token in a cookie.
The next part of the user session is User Authentication.